Nearly half of firms aren’t reporting data breaches, which is a problem since GDPR demands businesses who suffered a breach to report it within 72 hours. However, new figures from cybersecurity firm CrowdStrike suggest many British firms aren’t reporting data breaches in a timely manner, as is required per General Data Protection Regulation (GDPR).
Crowdstrike polled 500 decision-makers from the UK and found that less than half (42 percent) of those that had fallen victim to a data breach reported it to the relevant authority, the Information Commissioner’s Office (ICO).
GDPR, a regulation that was brought in three years ago, stipulates that businesses report a data breach within 72 hours of discovering it. Despite the fact that the number of reported breaches rose in the past 36 months, many firms still chose to keep it quiet.