Data protection top risk for companies - New crisis management report


Cyber security and the violation of data protection regulations are the risks posing the greatest threats to companies. This is the conclusion of the latest crisis management report authored by the law firm Noerr and the Center for Corporate Compliance at EBS Law School headed by Professor Michael Nietsch.

Crisis Management ReportIn light of the increasing importance of crisis management at companies, the authors of the survey asked how companies define a crisis, how they prepare themselves preventively for crises and how past crises were managed. The results of more than 200 interviews with executives from companies with 250 employees or more were included in the research.

Almost 75% of companies with more than 1,000 employees had been affected by a company crisis in the last two years. The respondents in particular frequently reported cyber security incidents (36%), such as attacks by hackers, operational risks (30%) and investigations by authorities (20%).

Respondents rated the violation of data protection regulations as a new top risk. Based on their assessment of the risks for the next two years, almost half of those surveyed (48%) saw this as the company risk posing the greatest threat. For the past two years, only six per cent of the survey participants reported data protection violations. According to the risk assessment, cyber security risks are also continuing to increase, said 47% of the respondents.

“It is interesting to note that publicly traded companies have little confidence in their capital market compliance,” says Sophia Habbe, a Noerr partner in Frankfurt. Although only a few of the companies surveyed report compliance-relevant incidents, many consider the unauthorised disclosure of inside information, the non-observance of regulatory announcements or errors in ad hoc announcements and insider trading to be possible in the next two years. According to the authors of the report, this is based on the increasing regulation of the capital markets.

The companies surveyed identified a drop in sales (60%) as the most frequent consequence of a crisis. Other frequently mentioned effects of a crisis included the impairment of corporate image (44%) and (regulatory) enforcement measures (40%).

However, not all companies are equally affected by crisis situations. Companies that have their own crisis management department or function are less likely to report drastic consequences of a crisis than companies without such a department. Lars Kutzner, a Noerr partner in Berlin, emphasises: “This shows that such a coordinating body as well as the use of external consultants can prevent crises”.

Download (german):  Crisis Management Report 2018