UK businesses are oblivious to the fact that the EU will force them to openly disclose when they have suffered a cyber breach, a new study suggests.
As Tech Week Europe Reports, less than one in ten (9%) of the financial institutions questioned in Ernst & Young's survey said they were aware of the EU Network Information Security Directive.
The directive will introduce compulsory breach disclosure for a number of sectors, meaning firms in the affected industries will be required to flag up to customers when they have been successfully attacked by hackers.
This could cause "potential loss of trading revenues through brand and reputational damage", Ernst & Young pointed out in the study, in which it quizzed 250 professionals in the finance industry.
Meanwhile, less than one five professionals (19%) had any knowledge of the EU General Data Protection Regulation, despite it being a law which could introduce significant penalties for data loss.
However, the findings reflected better on the industry's understanding of the importance of cyber security in general, with 79% of respondents stating they will increase investment in preventive measures, due to an increase in threat levels.
News that cyber security spending is set to increase will be music to the ears of UK bank consumers, who recently stated – in a survey by Telstra – that security is the most important factor they bear in mind when choosing which bank to register with.
It's perhaps little surprise that consumers consider security a top priority, given that nearly half of the people surveyed by Ernst & Young said their company had experienced from one to ten cyber-security incidents within the past year alone.
"Our recent survey indicates that whilst the finance community are becoming more aware of the impacts of cybersecurity across their business, their awareness of the full range of legislative and governance instruments remains an area that has scope for significant improvement," commented Mark Brown, executive director of EY Cybersecurity & Resilience.