CEOs of U.S. businesses have known for some time that cybersecurity is a significant issue affecting their day-to-day operations. And now, the topic is growing in importance for European business leaders as well.

In 2018, the European Union is scheduled to introduce the General Data Protection Regulation (GDPR), which will establish stringent requirements for any businesses that deal with European consumers’ data. The new regulations are coming into force May 25, 2018, for all EU member states — but it affects any company doing business with EU citizens, regardless of where the company is based.

To better understand what European businesses are doing to deal with cybersecurity and how they’re preparing for the new regulations, Lloyd’s commissioned its “Facing the Cyber Risk Challenge” survey.

The new research found that 54% of CEOs in European companies are taking responsibility for cybersecurity, but the majority seriously underestimates a cyber event’s potential impact, with a minority of European companies believing that they will lose market share after a cyber attack becomes known.

When asked specifically about the new EU regulations, the survey found some surprising results, despite the serious financial and legal consequences of not complying with the rules:

  • 97% of respondents have heard of the GDPR.

  • 7% said they know “a great deal” about it.

  • 57% said they know “little” or “nothing” about the regulations.

More than half of the businesses surveyed were aware the new EU regulations could affect them in terms of regulatory investigation (64%), financial penalties (58%), share price (57%) and reputation (52%), but only 13% believed they could lose customers.

Too complacent?

When asked whether their company had suffered a data breach in the past five years, 92% of respondents (all in Europe) said they had, while 3% said they had “come close.” Only 5% of respondents said they had not suffered a breach or were unaware that they had. Despite these numbers, only 42% are worried about suffering a future breach.

The survey found that most businesses were more concerned about external rather than internal threats. The internal threats that worried most businesses were low-tech, with 42% of respondents stating physical loss of paper documents as a key concern. The same percentage also listed an insider intentionally breaching information as a key threat.

The No. 1 external threat is hacking, according to the survey. Half (51%) of the businesses questioned said they were worried about the possibility of being hacked for financial gain, compared to 46% who were concerned about being hacked for political reasons. Hacking by a competitor was viewed as a serious threat by 41%.

Cyber insurance awareness

According to the survey, 73% of business leaders have a limited knowledge of Cyber insurance, and 50% don’t know that Cyber coverage for data breaches is available.

In commenting on the survey, CEO Inga Beale reminded European businesses that the new EU regulations will mean that they have to be more responsive to any cyber incident than may have been the case in the past. “Insurance companies provide more than just cover for any lost income,” she adds. “They offer a wrap-around service that can keep businesses on the right side of regulation and help protect their customers and their reputation.”