Companies with European operations are stepping up their cyber defences ahead of new EU data protection laws due in May, according to a Marsh survey of more than 1300 senior executives.

The General Data Protection Regulation requires businesses to protect EU citizens’ personal data and privacy on transactions that occur within member states.

Non-compliance will bring fines of up to 2% or 4% of a company’s revenue, depending on the business activity.

“The imminent implementation… is spurring firms to take a fresh look at their cyber risk, not just their privacy protocols,” Marsh President of Global Risk and Digital John Drzik said.

“This survey indicates that the most prepared firms are using [the regulation] as a catalyst to enhance their cyber-risk management, including a more economic evaluation of their risks and an increased focus on building resilience in the face of an inevitable cyber incident.” 

Of respondents who have made plans for the new regulation, about 78% intend to spend more on cyber-risk management, including on insurance, over the next year.

About 52% who do not have a plan for the new regulation indicate their budgets to manage digital threats will increase.

Some 65% of respondents name cyber risk as the biggest danger to their businesses, compared with 32% who voiced similar concerns last year.