One in six businesses unprepared for a data breach

16 October 2018  

  • 39 per cent of organizations encountered a data breach in the last 12 months
  • Shadow IT a key concern for 68 per cent of companies

Research conducted by BSI, the business improvement company, has revealed that one in six European organizations are unprepared for a data breach. The research, carried out by the Cybersecurity and Information Resilience division of BSI for Cybersecurity Awareness Month, also highlighted that 39 per cent of organizations have experienced a data breach in the last 12 months. Three key areas were highlighted within the research:

Counteracting the cyber threat

Preparation is vital when it comes to counteracting the cyber threat, and awareness training and ongoing testing are crucial for organizations. While 73 per cent of organizations that responded to the BSI research said that they were concerned about cybersecurity and were seeking solutions, alarmingly one in six organizations highlighted that they had no plan in place. When asked if their organization was undertaking cybersecurity testing, over a third stated that they weren’t; however, 59 per cent revealed that they were engaging in end-user security awareness programmes.

Rise in data breaches and cyberattacks

The BSI research highlighted that data breaches have been experienced by 39 per cent of organizations. The global ISACA State of Cybersecurity 2018 Report* also revealed that 50 per cent have experienced an increase in the number of cyberattacks compared to last year. Data processing has been a focus area this year with the introduction of the GDPR, with 45 per cent of organizations stating that they had a good understanding of their data landscape since it was implemented on 25 May. With the increased knowledge in place, 68 per cent of the respondents had conducted a high-level IT risk assessment in their organization, with one in five having a documented and tested Incident Response Plan (IRP) in place.

Pitfalls in migration of data

Cloud migration and cloud security have continued to grow and evolve this year; however, there are pitfalls to be aware of as part of an organization’s cloud migration journey. Shadow IT** remains a key concern for businesses, with 68 per cent of respondents stating data loss is the main threat, followed by unauthorized applications (15 per cent) and unauthorized devices (9 per cent) as well as data residency (8 per cent). 45 per cent of organizations have engaged with additional security controls based on the requirements of their cloud systems.

Commenting on the research, Stephen O’Boyle, Global Head of Cybersecurity and Information Resilience Services at BSI, said: “Training and education is essential when it comes to achieving information resilience and it’s reassuring to see that organizations are actively implementing awareness programmes in the workplace. However, being proactive about cybersecurity is a company’s best defence and it is unfortunate to see that one in six organizations are unprepared for a breach and that over a third of companies aren’t partaking in cybersecurity testing within their organization.”

“The increase in imminent malware threats, the importance of complying with new data protection regulations, the treatment of Shadow IT, and the advances in social engineering have been at the forefront this year. At BSI, we work with organizations to implement tailored plans that incorporate training at all levels of an organization, from senior executives to junior employees, as well as cybersecurity testing services to identify and address any weaknesses. The cyber landscape is evolving, and organizations need to ensure that they are prepared so that they can remain resilient in protecting their information, people and reputation, both now and in the future,” concluded Stephen.

BSI’s Cybersecurity and Information Resilience centre of excellence provides a range of solutions to help organizations address their information challenges covering cybersecurity, information management and privacy, security awareness, and compliance and testing. For more information visit




Notes to Editor:

Over 300 European organizations took part in the BSI research. The research was carried out as part of the BSI Cybersecurity and Information Resilience Emerging Trends series which included webinars on: Advanced Ransomware/Malware; Cloud Migration and Cloud Security; The Rise in Data Breaches. 

*ISACA - Information Systems Audit and Control Association – report link

**Shadow IT - the downloading and use of productivity applications on both work and personal devices.