Most cyberattacks not revealed in spite of GDPR

75% of attacks never become public knowledge despite GDPR breach notification requirements, says a new European study, with 62% of clients believing hackers are more sophisticated than security software developers

Nearly two-fifths of European businesses have knowingly fallen victim to a cyberattack in the last five years, with 64% admitting that they may have been hacked unknowingly, according to a new report by RSM, the leading middle market audit, tax and consulting network. This is compounded by a sense of apathy and acceptance, as 62% of respondents believe hackers are more sophisticated than security software developers.

The research, conducted for RSM by the European Business Awards, surveyed 597 business decision makers across 33 European countries and suggests that employees are the weak link in many European businesses. Almost half (46%) of successful attacks targeted employees via email, a practice known as phishing, while 22% of businesses still provide no cybersecurity training to their staff.

Despite the European General Data Protection Regulation (GDPR) requiring firms to report certain types of data breach within the first 72 hours of detection, 75% of hacks never become public knowledge, with just 23% of businesses choosing to inform the regulator following a breach. Although reputational damage is a key concern for respondents, genuine confusion appears to be driving the lack of transparency, with a third (34%) admitting that they do not understand the circumstances in which they would need to report a breach.

Gregor Strobl, Co-Head of Risk Advisory Services, RSM Germany, said:

"Without question, human error is inevitable and poses the biggest security risk to businesses. When it comes to cybersecurity, it is costing European middle market businesses dearly. Hackers are skillful manipulators and well-versed in taking advantage of our curiosity through carefully crafted phishing emails. It is vitally important to ensure that staff know how to recognise and respond if they are targeted by ransomware or phishing attacks."

This theme of the race against the hackers is a key part of the content being considered for the channel's own security event, Channel-Sec, to be held in London next March.