RSM International has conducted an in-depth survey to gain the perspectives of CEOs and senior leaders of successful middle market businesses across Europe, to understand the impact of digital transformation on cybersecurity, working with our Knowledge Partner, the European Business Awards.

‘Catch-22: Digital transformation and its impact on cybersecurity’ report comprises responses to a range of questions posed to 597 companies in 33 European countries, spanning multiple industries and sizes, with recorded turnovers varying from less than €30 million to over €300 million. 56% of the respondents are on the management board with a further 31% reporting directly to the board.


39% of European businesses admit to being breached by a cyberattack but the majority of hacks remain hidden from public

  • Almost half (46%) of successful attacks target under-trained employees
  • 75% of attacks never become public knowledge despite GDPR breach notification requirements
  • 62% believe hackers are more sophisticated than security software developers

Nearly two-fifths of European businesses have knowingly fallen victim to a cyberattack in the last five years, with 64% admitting that they may have been hacked unknowingly, according to a new report by RSM, the leading middle market audit, tax and consulting network. This is compounded by a sense of apathy and acceptance, as 62% of respondents believe hackers are more sophisticated than security software developers.

The research, which was conducted for RSM by the European Business Awards, surveyed 597 business decision makers across 33 European countries, suggests that employees are the weak link in many European businesses. Almost half (46%) of successful attacks targeted employees via emails in a practice known as phishing with 22% of businesses still providing no cybersecurity training to their staff.

Despite the European General Data Protection Regulation (GDPR) requiring firms to report certain types of data breach within the first 72 hours of detection, 75% of hacks never become public knowledge with just 23% of businesses choosing to inform the regulator following a breach.

Although reputational damage is a key concern for respondents, genuine confusion appears to be driving the lack of transparency with a third (34%) admitting that they do not understand the circumstances in which they would need to report a breach.


Gregor Strobl, Co-Head of Risk Advisory Services, RSM Germany, said:

“Without question, human error is inevitable and poses the biggest security risk to businesses. When it comes to cybersecurity, it is costing European middle market businesses dearly. Hackers are skilful manipulators and well-versed in taking advantage of our curiosity through carefully crafted phishing emails. It is vitally important to ensure that staff know how to recognise and respond if they are targeted by ransomware or phishing attacks.

 “It is troubling, but unsurprising, that so few cyberattacks are ever made public to the authorities or affected businesses. Transparency is key to raising awareness, catching criminals and minimising the damage but the rules need to be clearer and applied more consistently.”

The top 5 digital investment areas for the European middle market

Cloud technology




Internet of things




Machine learning


With 80% of European businesses saying that digital transformation is a strategic priority for their growth it is concerning to find that just 34% of businesses have a cybersecurity strategy in place which they believe will protect them from cybercrime with 21% having no strategy at all. Despite this, middle market businesses remain resilient in the face of cyber risk with 86% saying that the increased risk of cyberattacks has not dissuaded them from investing in digital transformation, with 29% of businesses seeing their revenue grow as a result of digital investments with cloud technology the biggest area of focus.