RSM International has conducted an in-depth survey to gain the perspectives of CEOs and senior leaders of successful middle market businesses across Europe, to understand the impact of digital transformation on cybersecurity, working with our Knowledge Partner, the European Business Awards.

The ‘Catch-22: Digital transformation and its impact on cybersecurity’ report comprises responses to a range of questions posed to 597 companies, in 33 European countries, spanning multiple industries and sizes, with recorded turnovers varying from less than €30 million to over €300 million. 56% of the respondents are on the management board with a further 31% reporting directly to the board.

Included in the findings is that 39% of European businesses have knowingly fallen victim to a cyberattack in the last five years, with 46% admitting the breaches were the result of phishing scams and employee errors.



It is no surprise that GDPR was a key driver for European businesses to invest in cybersecurity. The introduction of the legislation raised awareness of data breaches arising via cyber crime and poor data management but also brought threat of significant financial penalties and reputational damage. This spurred businesses to act. Businesses are now considering their data footprint and data privacy controls when looking at how they do business. Leaders are prepared to make investments to ensure data is a protected asset and not a potential liability.

However, the GDPR legislation took a “one size” approach. Many requirements were broad, ill-defined and open to interpretation. Hence, businesses struggled to become, and remain, compliant. The pressure to meet deadlines and address complex requirements has led to GDPR fatigue. Some organisations have given up and reverted back to prior processes and practices. 

A lot remains to be done to boost data protection compliance. Leaders now need to continue to drive this agenda item inside their organisations. Regulators will begin to audit the compliance of businesses and this will lead to fines being levied, press coverage and remedial action.

RSM urges businesses to be proactive and launch a review of their compliance position with respect to data protection legislation, including GDPR. Potential results include business benefits such as better protection of assets and cybersecurity risk mitigation, so much more than simply compliance with legislation and regulations.

Get the full cybersecurity report here