13 Sep 2019

39% of European businesses admit to being breached by a cyberattack but the majority of hacks remain

  • Almost half (46%) of successful attacks target under-trained employees
  • 75% of attacks never become public knowledge despite GDPR breach notification requirements
  • 62% believe hackers are more sophisticated than security software developers

Nearly two-fifths of European businesses have knowingly fallen victim to a cyberattack in the last five years, with 64% admitting that they may have been hacked unknowingly, according to a new report by RSM, the leading middle market audit, tax and consulting network. This is compounded by a sense of apathy and acceptance, as 62% of respondents believe hackers are more sophisticated than security software developers.

The research, which was conducted for RSM by the European Business Awards, surveyed 597 business decision makers across 33 European countries, suggests that employees are the weak link in many European businesses. Almost half (46%) of successful attacks targeted employees via emails in a practice known as phishing with 22% of businesses still providing no cybersecurity training to their staff.

Despite the European General Data Protection Regulation (GDPR) requiring firms to report certain types of data breach within the first 72 hours of detection, 75% of hacks never become public knowledge with just 23% of businesses choosing to inform the regulator following a breach.

Although reputational damage is a key concern for respondents, genuine confusion appears to be driving the lack of transparency with a third (34%) admitting that they do not understand the circumstances in which they would need to report a breach.

Gregor Strobl, Co-Head of Risk Advisory Services, RSM Germany, said:

“Without question, human error is inevitable and poses the biggest security risk to businesses. When it comes to cybersecurity, it is costing European middle market businesses dearly. Hackers are skilful manipulators and well-versed in taking advantage of our curiosity through carefully crafted phishing emails. It is vitally important to ensure that staff know how to recognise and respond if they are targeted by ransomware or phishing attacks.

 “It is troubling, but unsurprising, that so few cyberattacks are ever made public to the authorities or affected businesses. Transparency is key to raising awareness, catching criminals and minimising the damage but the rules need to be clearer and applied more consistently.”

The top 5 digital investment areas for the European middle market

Cloud technology




Internet of things




Machine learning


With 80% of European businesses saying that digital transformation is a strategic priority for their growth it is concerning to find that just 34% of businesses have a cybersecurity strategy in place which they believe will protect them from cybercrime with 21% having no strategy at all. Despite this, middle market businesses remain resilient in the face of cyber risk with 86% saying that the increased risk of cyberattacks has not dissuaded them from investing in digital transformation, with 29% of businesses seeing their revenue grow as a result of digital investments with cloud technology the biggest area of focus.


Notes to Editors

For further information, please contact: 

Callum Finch



Phone: +44 (0)20 7413 3510 

About the data  

Research was undertaken among European businesses who have engaged with the European Business Awards. The sample included businesses from 33 countries. The data comes from 597 responses collected between 16.04.19 and 03.06.19.  


About RSM

RSM is a leading global network of audit, tax and consulting firms focused on the middle market, encompassing 116 countries, 750 offices across the Americas, Europe, MENA, Africa and Asia Pacific and more than 41,000 people internationally. The network’s total fee income is US$5.4billion. 

As an integrated team, we share skills, insight and resources, as well as a client-centric approach that’s based on a deep understanding of our clients’ businesses. This is how we empower them to move forward with confidence and realise their full potential. 

RSM is a member of the Forum of Firms, with the shared objective to promote consistent and high-quality standards of financial and auditing practices worldwide. 

RSM is the brand used by a network of independent accounting and advisory firms each of which practices in its own right. RSM International Limited does not itself provide any accounting and advisory services. Member firms are driven by a common vision of providing high quality professional services, both in their domestic markets and in serving the international professional service needs of their client base.  

For more information, visit www.rsm.global, or search for RSM on Facebook, Twitter and LinkedIn

About the European Business Awards

The European Business Awards is one of the world’s largest and most prestigious cross border, cross sector business competitions. Its primary purpose is to support and develop a stronger, more successful, innovative and ethical business community in Europe, as it believes businesses play a key role in addressing major issues faced across the world.

It aims to do that in 3 ways:

  • Endorsing and promoting Europe’s best businesses to help them attract new customers, partners, investors and talent
  • Sharing learning and solving problems to help businesses overcome the hurdles that stand between them and growth
  • Stimulating debates by asking the big questions about issues faced across Europe and how we can tackle them The European Business Awards is now in its 12th year. Last year it considered over 111,000 businesses from 34 countries.


Sponsors & Supporters