The vast majority of large European businesses have suffered a data breach – but far fewer are concerned about it happening in future.

A Lloyd’s survey of 346 senior decision-makers at businesses with revenues of €250 million ($368 million) or more reveals 92% have seen a breach in the past five years, but just 42% fear a repeat occurrence.

Data breach plans are being driven by CEOs in 54% of businesses questioned, while chief information officers are leading the decision-making process in just 10%.

“Cyber risk has risen substantially up the boardroom agenda in the past year – it’s now the CEO, not the CIO, driving cyber-security strategy,” the report says.

In 2018 the European Union will introduce the General Data Protection Regulation (GDPR), which sets rigorous requirements for any business handling consumer data.

Almost all (97%) respondents have heard of the GDPR, but only 7% know “a great deal” about it and 57% know “little or nothing”, despite the serious financial and legal consequences of not complying.

About 73% of business leaders have limited knowledge of cyber insurance and 50% do not know that cyber cover for data breaches is available.

“European businesses face a constantly evolving landscape of cyber threats,” the report concludes. “The introduction of the GDPR will increase the focus on the data security aspect of their operations, because regulators, shareholders and customers will use it to hold companies accountable to higher cyber-security standards.

“By working with expert partners, such as lawyers, cyber-security experts and insurers, businesses can better understand the risks they face and help mitigate them to protect their balance sheets.”