A high number of businesses in Europe are choosing not to disclose cyber-security breaches to the public, despite the risk of heavy GDPR fines, a new study reports.
According to the research, fewer than a fifth (19%) of corporations gave official notification of hacks they suffered over the last five years, despite 66% of firms surveyed saying they were aware of their legal obligations under new EU data laws to report to their local Data Protection Authority.
RSM’s Catch-22 report studies the need for digital transformation and the risks presented by cyber threat, drawing on data collected from middle market businesses across Europe through the European Business Awards.
Researchers discovered that 75% of cyber-attacks are not published, with many companies indicating that they turn a blind eye to their legal obligations. Nearly half of the companies surveyed said that they were not aware of the impact data breaches had had on their organisation.
Just 31% of those who do monitor the effects of cyber-attacks said that the incident had had a negative impact on internal morale; 14% said that such scenarios led to a loss of revenue, while 7% said that a cyber-attack had damaged the brand. The researchers say that this suggests that 48% of companies would be strongly advised to take a proactive approach to hacks in future, instead of sweeping such occurrences under the carpet.
RSM found that almost half (46%) of successful cyber-attacks were carried out through phishing, with such campaigns no doubt helped by the fact that 22% of firms still fail to provide cyber-security training to their employees.
Commenting on the findings, Gregor Strobl, Co-Head of Risk Advisory Services, RSM Germany, said:
“Without question, human error is inevitable and poses the biggest security risk to businesses. When it comes to cybersecurity, it is costing European middle market businesses dearly.
“It is vitally important to ensure that staff know how to recognise and respond… It is troubling, but unsurprising, that so few cyberattacks are ever made public to the authorities or affected businesses. Transparency is key to raising awareness, catching criminals and minimising the damage but the rules need to be clearer and applied more consistently.”