# SaaS Market Research Report - Europe

**Generated on:** 2026-06-01 13:12:45.205445  
**Industry:** SaaS  
**Geography:** Europe  
**Details:** Evolution of data breaches over the past 3 years in European SaaS (for example CRM, CLM, HRIS, ERP, and healthcare practice management), limited to SMB SaaS providers and developers (excluding big companies like SAP, Monday, etc.) and excluding e-commerce. Highlight the main types of breaches, the costs where estimated, and the trend in volume and type of threat.

---

# Europe SMB SaaS Breaches Shift to System Intrusion

## Executive Summary

- **Notification Acceleration**: European personal-data breach notifications rose from **335 per day** for 28 Jan 2023 to 27 Jan 2024, to **363 per day** for 28 Jan 2024 to 27 Jan 2025, and then to **443 per day** for 28 Jan 2025 to 27 Jan 2026, according to DLA Piper's GDPR surveys and 2026 update [28], [30], [29] -> SMB SaaS providers should capacity-plan breach triage, regulator notification, customer notification, and evidence preservation as recurring operations.

- **System Intrusion Pivot**: Verizon's 2025 DBIR reports that EMEA system-intrusion breaches increased from **27%** to **53%** of breaches, while miscellaneous errors fell from **36%** to **19%** [4] -> SaaS boards should rebalance spend from policy-only privacy programs toward vulnerability management, identity hardening, endpoint detection, and backup recovery.

- **SMB Ransomware Asymmetry**: Verizon reports almost **4 times** more SMB victims than large-organization victims and says ransomware was present in **88%** of SMB or lower-maturity breaches, compared with **39%** for larger organizations [2] -> European SMB SaaS developers should assume ransomware is a default threat, not an edge case.

- **SaaS Supply-Chain Blast Radius**: Verizon says third-party involvement in breaches doubled from **15%** to **30%** [2], while the Zellis/MOVEit and Xplain incidents show that one software supplier can expose many downstream customers [37], [52] -> SaaS vendors should segment customer tenants, minimize retained data, and treat critical vendors as part of the product attack surface.

- **Healthcare Availability Risk**: Advanced Computer Software's ransomware case disrupted health services and led to a **GBP 3,076,320** ICO fine in 2025 after data on **79,404** people was compromised [55] -> healthcare practice-management SaaS must model patient-safety and service-continuity losses, not only confidentiality losses.

- **Costs Are Delayed And Opaque**: IBM's 2024 benchmark puts the global average breach cost at **USD 4.88M**, up **10%** from 2023 [1], while Verizon reports median ransomware payments falling to **USD 115,000** in 2024 [2] -> SaaS providers should budget for legal, forensic, downtime, churn, and regulatory costs even when ransom payments decline.

- **Cloud Adoption Expands The Control Plane**: Eurostat reports EU paid-cloud adoption rising from **45.2%** of enterprises in 2023 to **52.74%** in 2025 [82], [78] -> SMB SaaS vendors are becoming infrastructure for customers, so their security posture increasingly determines customer breach exposure.

- **Public Case Scarcity Is A Risk Signal**: Publicly documented European SMB SaaS breach cases are concentrated in HR/payroll, government software, and healthcare software; credible public CRM and CLM cases in the same period are much thinner -> buyers should not interpret silence as lower risk, and vendors should use independent assurance, incident transparency, and security telemetry as differentiators.

## Scope: European SMB SaaS, Not E-Commerce Or Mega-Vendors

This report covers European SaaS providers and software developers serving SMB or mid-market customers in CRM, CLM, HRIS/payroll, ERP/accounting, government workflow, and healthcare practice-management software. It excludes e-commerce platforms and mega-vendors such as SAP, Salesforce, and Monday.com. The case evidence is strongest in HR/payroll, healthcare, and public-sector software because those incidents were publicly reported; CRM and CLM are included in the market and exposure map, but public breach evidence for European SMB-focused vendors was limited.

The analysis uses a pragmatic definition of SMB SaaS: providers that serve SMB or mid-market users, process business or personal data, and are materially smaller or more specialized than global enterprise software giants. Some public incidents involve mid-market or larger European specialists, such as Zellis and SD Worx, because they illustrate the breach mechanics that matter to SMB SaaS buyers: payroll data concentration, third-party file-transfer dependence, and service outage. Advanced Computer Software is treated as a cost and enforcement benchmark because the attack occurred before the 3-year window but the ICO fine was issued in 2025.

The most important limitation is disclosure. GDPR creates strong personal-data notification duties, but public reporting does not always identify the SaaS vendor, vertical, root cause, or cost. That is why this report combines regulator-level breach volume data, cross-sector incident data, and specific vendor case studies rather than claiming a complete vendor-by-vendor breach census.

**Decision-ready insight:** European SMB SaaS security should be assessed through three lenses at once: customer-data concentration, availability dependence, and supply-chain position. The vendors most exposed are not always the largest by revenue; they are the ones that sit inside payroll, clinical, contract, accounting, identity, or workflow processes.

## Market Context: Cloud Adoption Turns SMB SaaS Into Critical Infrastructure

European SaaS breach risk is rising partly because SaaS usage is now ordinary infrastructure. Eurostat reported that **45.2%** of EU enterprises bought cloud computing services in 2023 [82]. By 2025, Eurostat reported **52.74%** of EU enterprises using paid cloud computing services, mostly for email, office software, and file storage [78]. This matters because SMB SaaS providers now hold operational data that used to be spread across local files, on-premise servers, and internal teams.

UK survey data reinforces the point from the demand side. The UK Cyber Security Breaches Survey 2025/2026 reports that **43%** of businesses experienced a cyber security breach or attack in the prior 12 months, with **42%** of micro businesses, **46%** of small businesses, **65%** of medium businesses, and **69%** of large businesses reporting breaches or attacks [23]. Phishing remained the most prevalent breach or attack type, affecting **38%** of businesses [23]. The same UK series reported the estimated share of all businesses experiencing a ransomware crime rising from less than **0.5%** in 2024 to **1%** in 2025 [92].

| Market signal | Latest evidence | Mechanism | SaaS implication |
|---|---:|---|---|
| EU paid-cloud adoption | **52.74%** of EU enterprises in 2025 | More business workflows move into externally operated systems | SaaS providers inherit customer security expectations |
| EU cloud adoption baseline | **45.2%** of EU enterprises in 2023 | Cloud adoption continues to broaden beyond early adopters | More SMBs depend on SaaS continuity and breach response |
| UK breach or attack exposure | **43%** of businesses in 2025/2026 | Attackers target common business channels, especially email and credentials | SaaS login, admin, and helpdesk workflows become high-value attack paths |
| UK ransomware exposure | Less than **0.5%** in 2024 to **1%** in 2025 | Even low-percentage ransomware incidence creates high-severity losses | Backup, recovery, and crisis communications need board ownership |

The takeaway is not that every SMB SaaS company will be breached. It is that SaaS has become the shared control plane for customer operations, so a SaaS provider's compromise can become a customer breach, an operational outage, and a regulatory event at the same time.

## Three-Year Breach Evolution: Volume Rises, Intrusion Replaces Error

The clearest European volume signal is GDPR breach notification growth. DLA Piper reported **335** breach notifications per day for 28 Jan 2023 to 27 Jan 2024 [28]. Its 2025 survey reported **363** per day for 28 Jan 2024 to 27 Jan 2025, up from **335** in the prior period [30]. Its 2026 update reported **443** per day for 28 Jan 2025 to 27 Jan 2026, a **22%** increase [29].

Ireland illustrates how national regulators are also seeing higher volumes. The Irish Data Protection Commission reported **7,781** valid breach notifications in 2024, an **11%** increase from 2023, with **81%** concluded by year-end [34]. For SaaS providers, this means the regulatory workload is moving from rare-event response toward routine operational readiness.

The type of breach is shifting even more sharply than the volume. Verizon's 2025 DBIR analyzed **22,052** incidents and **12,195** confirmed data breaches globally, with **9,062** incidents and **5,321** confirmed data disclosures in EMEA [2]. In EMEA, system intrusion, social engineering, and miscellaneous errors together accounted for **89%** of breaches. System intrusion rose to **53%** of EMEA breaches from **27%** the previous year, while miscellaneous errors fell to **19%** from **36%** [2].

| Metric | 2023 to 2024 baseline | 2024 to 2025 | 2025 to 2026 latest | What changed for SMB SaaS |
|---|---:|---:|---:|---|
| European breach notifications | **335/day** | **363/day** | **443/day** | Notification and customer-communications capacity must scale |
| EMEA system intrusion share | **27%** previous DBIR period | **53%** in 2025 DBIR | Not separately updated in the sources reviewed | Intrusion, ransomware, and vulnerability exploitation are overtaking error-led breach patterns |
| EMEA miscellaneous error share | **36%** previous DBIR period | **19%** in 2025 DBIR | Not separately updated in the sources reviewed | Human error remains relevant but is no longer the main growth story |
| Global third-party involvement | **15%** prior level | **30%** in 2025 DBIR | Not separately updated in the sources reviewed | Vendor concentration and file-transfer tools are now core breach channels |
| Median ransomware payment | **USD 150,000** in 2023 | **USD 115,000** in 2024 | Not separately updated in the sources reviewed | Payment levels may fall while total recovery and regulatory costs remain high |

ENISA's Threat Landscape 2024 also frames the European environment around availability threats, ransomware, and data threats [3]. That aligns with the SaaS evidence: breaches are no longer only about leaked databases. They increasingly combine encryption, extortion, outage, third-party compromise, and credential misuse.

**Decision-ready insight:** The European SMB SaaS threat model has moved from "will an employee make a mistake?" to "can an external actor use credentials, a vulnerability, or a supplier to reach many tenants at once?" The practical response is to measure intrusion resistance and recovery time, not only GDPR documentation completeness.

## Case Studies: Zellis, Xplain, SD Worx, DXS, And Advanced Show SaaS Blast Radius

| Entity | Country / scope | Vertical | Date | Main breach or incident type | Data / operational impact | Public cost estimate |
|---|---|---|---|---|---|---|
| Zellis / MOVEit | UK and Ireland clients | HR and payroll SaaS / payroll processor | June 2023 | Supply-chain and zero-day exploitation of MOVEit Transfer | BBC, British Airways, Boots, Aer Lingus, and other clients reported employee data exposure [36], [37] | Not stated |
| Xplain | Switzerland | Government software provider | May to June 2023 | Ransomware and data theft | Operational data from the Swiss Federal Administration was possibly included, and stolen data was published after the attack [52], [49] | Not stated |
| SD Worx | UK and Ireland services | HR and payroll services | April 2023 | Unauthorized activity in hosted data center, not confirmed ransomware | UK and Ireland systems were shut down; company stated no evidence data was compromised or lost [86], [77] | Not stated |
| DXS International | United Kingdom | NHS GP software / healthcare technology | December 2025 | Cyberattack with data stolen from internal systems | DXS disclosed a breach discovered on **14 Dec 2025**; reporting said data had been stolen [67], [63] | Not stated |
| Advanced Computer Software | United Kingdom | Health and care software | Attack in Aug 2022; fine in Mar 2025 | Ransomware via customer account and insufficient MFA coverage | Personal information of **79,404** people compromised, including details on access to homes of **890** people receiving care [55] | **GBP 3,076,320** ICO fine |

**Zellis and MOVEit show the modern SaaS supply-chain pattern.** Zellis was not breached through a generic email compromise or a reported attack on its own CRM; the exposure came through the MOVEit Transfer zero-day campaign. The BBC, British Airways, Boots, and Aer Lingus were among organizations whose staff data was affected through their payroll supplier [36], [37]. The lesson for SMB SaaS is that file-transfer, payroll, identity, analytics, support, and backup tools can become part of the product breach surface even when customers do not see them.

**Xplain shows that specialized software vendors can carry state-grade sensitivity without state-grade resources.** The Swiss National Cybersecurity Centre said Xplain, a Swiss provider of government software, was the victim of a ransomware attack and that Federal Administration operational data was possibly affected [52]. Follow-up analysis said the incident created a need for action, and Swiss government pages noted that stolen data was published after the attack [49], [53]. For SaaS vendors in regulated niches, the data sensitivity may be higher than the vendor's size suggests.

**SD Worx shows that availability disruption can matter even without confirmed data loss.** SD Worx, a Belgian HR and payroll management company serving **5.2M** employees for more than **82,000** companies, shut down UK and Ireland IT systems after malicious activity was discovered in its hosted data center [86]. Silicon Republic reported that the company described the event as unauthorized activity and said there was no evidence that data was compromised or lost [77]. This is a useful failure case: absence of confirmed exfiltration does not mean absence of customer harm, because payroll and HR outages disrupt business operations.

**DXS and Advanced show why healthcare practice-management SaaS carries higher downside.** DXS International, a UK healthcare IT provider, disclosed a cyberattack in December 2025 that reporting said involved stolen data [67], [63]. Advanced is older as an incident but recent as an enforcement event: the ICO's 2025 penalty shows how a health-software breach can mature into a multi-year regulatory cost, especially where MFA coverage, vulnerability management, and patching fall short [55].

**Decision-ready insight:** The highest-risk SMB SaaS verticals are those where one vendor combines personal data, operational dependence, and many downstream customers. HR/payroll and healthcare practice management lead the visible case record; CRM, CLM, and ERP/accounting have the same structural exposure even where public breach cases are less visible.

## Cost Profile: Ransom Payments Fall, But Regulatory And Recovery Costs Persist

Cost data for European SMB SaaS incidents remains fragmented. Most vendor-specific cases reviewed here did not disclose total response cost, customer compensation, churn, legal fees, forensic cost, or insurance recovery. That opacity is itself a market finding: buyers often learn that a breach occurred, but not how much it cost the vendor or how much risk transferred to customers.

The public cost benchmarks point in two directions. IBM reported a **USD 4.88M** global average data-breach cost in 2024, a **10%** increase from 2023 and the largest spike since the pandemic [1]. Verizon, by contrast, reported a lower median ransomware payment of **USD 115,000** in 2024, down from **USD 150,000** in 2023, and said **64%** of victim organizations did not pay ransoms, up from **50%** in 2022 [2]. The implication is that ransom payment is no longer a reliable proxy for breach cost.

| Cost or exposure metric | Source evidence | SaaS interpretation | Decision implication |
|---|---:|---|---|
| Global average breach cost | **USD 4.88M** in 2024, up **10%** from 2023 | A serious breach can exceed typical SMB SaaS cash buffers | Maintain cyber insurance, cash reserve, and incident-response retainer |
| Median ransomware payment | **USD 115,000** in 2024, down from **USD 150,000** in 2023 | Payment may fall while operational and legal costs remain | Invest in recovery so payment is not the only option |
| Non-payment rate | **64%** of victims did not pay in 2024 | More victims are refusing payment or restoring independently | Test immutable backups and recovery drills quarterly |
| Advanced ICO penalty | **GBP 3,076,320** final fine in 2025 | Regulatory cost can arrive years after the attack | Preserve evidence of MFA, patching, logging, and management decisions |
| Advanced affected data | **79,404** people, including home-entry details for **890** care recipients | Sensitive health and care data can multiply harm | Apply data minimization and special-category-data controls |

Advanced is the clearest European software-specific cost signal. The ICO said Advanced failed to implement appropriate security measures before a ransomware attack, including insufficient MFA coverage; the final penalty was **GBP 3,076,320**, reduced from a provisional **GBP 6.09M** [55]. For a smaller SaaS provider, a similar fine plus response costs could be existential.

**Decision-ready insight:** Treat breach cost as a portfolio of losses: ransom, forensics, downtime, customer support, legal advice, regulator response, remediation engineering, sales pipeline delay, churn, and insurance premium change. The public figure, when one exists, is usually only the visible part.

## Major Players And Vertical Exposure Map

The European SMB SaaS ecosystem is fragmented by vertical and country. That fragmentation reduces single-vendor systemic risk compared with one dominant platform, but it also creates uneven maturity. A small CRM, CLM, HRIS, ERP, or clinic-software vendor may hold highly sensitive data without the security scale of a hyperscaler or global enterprise-software company.

| Vertical | Illustrative European SMB or mid-market SaaS players | Data concentration | Most likely breach mechanism | Public case signal from 2023 to 2026 |
|---|---|---|---|---|
| CRM and sales workflow | Teamleader, SuperOffice, Pipedrive | Customer contacts, sales notes, support history, email integrations | Credential theft, OAuth abuse, phishing, exposed integrations | Public European SMB CRM breach cases were less visible in the sources reviewed; do not infer low risk |
| CLM and legal workflow | Juro, Summize, Legisway, Zefort | Contracts, counterparty data, pricing, signatures, legal privileged material | Account takeover, document repository exposure, third-party AI or workflow integrations | Public European CLM breach cases were less visible; sensitivity is high even if public case volume is low |
| HRIS and payroll | Zellis, SD Worx, Personio, PayFit, Factorial, Lucca | Salaries, tax data, bank details, national identifiers, employee files | File-transfer zero-day, ransomware, payroll portal compromise, support-desk social engineering | Strong public signal: Zellis/MOVEit and SD Worx |
| ERP and accounting | Exact, Odoo, Visma, TeamSystem, Xero regional users | Invoices, suppliers, bank data, tax records, payment approvals | Credential theft, API exposure, misconfigured storage, business email compromise | Public European SMB ERP breach cases were less visible than HR and health cases |
| Healthcare practice management | Meddbase, Semble, DXS, Medesk, ClinicSoftware | Patient records, appointments, prescriptions, referral data, care access details | Ransomware, stolen admin credentials, unpatched systems, supplier outage | Stronger public signal: DXS and Advanced cost benchmark |
| Public-sector and regulated workflow software | Xplain and niche case-management vendors | Operational data, identity data, case files, law-enforcement or government records | Ransomware, data theft, weak segmentation, excess data retention | Strong public signal: Xplain |

Teamleader describes itself as software for businesses covering CRM, invoices, quotations, and projects and operating across Europe [104]. Exact says its cloud business software helps more than **500,000** SMEs and accountants manage business figures [106]. Meddbase describes itself as cloud-based EHR and medical practice-management software [101]. Legisway describes contract-management capabilities for storing, managing, and reporting on contracts [99].

The main market point is not that these specific companies have been breached. It is that their categories define where attackers can extract the most leverage: payroll for identity and bank data, healthcare for urgency and special-category data, CLM for confidential commercial terms, CRM for customer relationships, and ERP/accounting for payment workflows.

**Decision-ready insight:** Vendor due diligence should be vertical-specific. A generic SOC 2 or ISO 27001 certificate is useful, but buyers should ask payroll vendors about file transfer and bank-data controls, healthcare vendors about downtime and patient-record access, CRM vendors about OAuth and support impersonation, and CLM vendors about document-level access control.

## Buyer And Builder Playbook: Controls That Reduce Probability And Blast Radius

The relevant risk framework is the CIA triad: confidentiality, integrity, and availability. SMB SaaS breaches now hit all three. Zellis and Xplain illustrate confidentiality loss, SD Worx illustrates availability disruption, and healthcare software cases illustrate confidentiality plus availability plus safety impact.

The second useful framework is the cloud shared-responsibility model. Customers often assume the SaaS vendor is securing the service; vendors often assume cloud infrastructure security covers them. The breach evidence shows that the dangerous layer is the application and operations layer: identity, tenant isolation, secrets, patching, file transfer, logging, and incident response.

| Control priority | Why it matters now | Operating metric | Board or buyer action |
|---|---|---|---|
| MFA everywhere, including customer support and admin paths | Advanced shows insufficient MFA can become a regulatory issue [55] | 100% privileged and customer-admin coverage | Block exceptions or require compensating controls |
| Vulnerability and patch management | Verizon reports exploitation of vulnerabilities as a major intrusion driver [4] | Critical patch SLA by asset class | Require monthly evidence and emergency patch process |
| Secrets and token management | Verizon reports leaked secrets and cloud/API keys as a SaaS-relevant exposure [2] | Time to revoke leaked secret; secret age | Use automated secret scanning and short-lived tokens |
| Tenant segmentation and data minimization | Zellis and Xplain show supplier compromise can affect many customers | Records retained per customer; cross-tenant access tests | Reduce retained data and isolate customer environments |
| Immutable backup and recovery testing | Ransomware is highly prevalent in SMB or lower-maturity breaches [2] | Recovery time objective and recovery point objective tested | Run quarterly restore exercises, not paper reviews |
| Incident communications | DLA Piper's notification volumes show breach response is a recurring workload | Time to assemble facts, notify customers, and notify regulators | Pre-draft customer notices and regulator evidence packs |
| Supplier and file-transfer governance | Third-party involvement doubled to **30%** in Verizon's data [2] | Critical vendor inventory, data-flow map, last assurance date | Treat file-transfer and payroll processors as critical dependencies |
| Healthcare and payroll special controls | Advanced and Zellis show sensitive data increases harm | Special-category and payroll data inventory | Apply stricter retention, encryption, approval, and monitoring |

For vendors, the commercial opportunity is clear. Security can become a differentiator in SMB SaaS procurement because buyers increasingly know that a supplier breach can become their breach. Vendors that can show short recovery times, clean tenant isolation, complete MFA, tested incident playbooks, and transparent breach communications should win trust against less mature competitors.

For buyers and investors, the main diligence shift is to ask for evidence, not promises. A vendor that cannot produce a current asset inventory, data-flow map, list of subprocessors, incident-response plan, backup test evidence, and vulnerability remediation metrics should be treated as a higher-risk dependency.

**Decision-ready insight:** The right question is not "has the vendor ever had a breach?" Public breach records are incomplete. The better question is "when intrusion happens, how quickly can the vendor detect, contain, restore, notify, and prove what data was or was not accessed?"

## Synthesis

European SMB SaaS breach risk is moving along three dimensions at once: volume, mechanism, and blast radius. Volume is rising, shown by DLA Piper's growth from **335** to **443** notifications per day across the 2023 to 2026 GDPR reporting periods. Mechanism is shifting, shown by Verizon's EMEA system-intrusion jump from **27%** to **53%** of breaches. Blast radius is widening, shown by third-party involvement rising to **30%** and by case studies where one provider affected multiple customer organizations.

The vertical contrast is important. HR/payroll SaaS has the clearest public breach signal because payroll data is concentrated, sensitive, and routinely transferred between systems. Zellis shows the file-transfer zero-day pattern, while SD Worx shows that an HR/payroll outage can matter even without confirmed data loss. Healthcare practice-management SaaS has the highest harm intensity because outages affect care delivery and breaches involve special-category data; Advanced and DXS show that regulators and customers will judge healthcare software through a stricter lens.

CRM, CLM, and ERP/accounting are different. Their public European SMB breach case record is less visible in the sources reviewed, but their risk is structurally high. CRM systems concentrate customer relationships and OAuth integrations. CLM systems concentrate confidential contracts and approvals. ERP/accounting systems concentrate supplier, invoice, tax, and payment data. The absence of public cases should therefore be interpreted as disclosure scarcity, not proof of safety.

The non-obvious tension is that ransom payments may be falling while total breach economics worsen. Verizon's median ransomware payment fell to **USD 115,000**, but IBM's average breach-cost benchmark rose to **USD 4.88M**, and Advanced's delayed ICO fine reached **GBP 3,076,320**. This suggests that attackers, regulators, insurers, and customers are all part of the cost stack. Paying less ransom does not mean suffering less loss.

The practical conclusion is that European SMB SaaS providers should compete on resilience. The minimum credible posture now includes complete MFA, fast patching, secrets scanning, tenant isolation, data minimization, immutable backups, recovery testing, supplier governance, and transparent incident communications. Buyers should reward vendors that can evidence these controls and penalize vendors that rely on generic assurances. Investors should treat security maturity as a revenue-quality metric because a breach can quickly convert recurring revenue into churn, remediation spend, and regulatory exposure.

## References

1. *Surging data breach disruption drives costs to record highs - IBM*. https://www.ibm.com/think/insights/whats-new-2024-cost-of-a-data-breach-report
2. *2025 Data Breach Investigations Report - Verizon* [PDF]. https://www.verizon.com/business/resources/reports/2025-dbir-data-breach-investigations-report.pdf
3. *ENISA Threat Landscape 2024 - European Union*. https://www.enisa.europa.eu/publications/enisa-threat-landscape-2024
4. *Verizon's 2025 Data Breach Investigations Report: System intrusion ...*. https://www.verizon.com/about/news/2025-data-breach-investigations-report-emea
5. *ENISA THREAT LANDSCAPE 2024 - Security Delta (HSD)* [PDF]. https://securitydelta.nl/media/com_hsd/report/690/document/ENISA-Threat-Landscape-2024.pdf
6. *Europe's Hospital Cybersecurity Hot Zones and Top Cyber ...*. https://pressreleasehub.pa.media/article/europes-hospital-cybersecurity-hot-zones-and-top-cyber-vendors-as-ehr-and-epr-attacks-shift-from-data-theft-to-care-disruption-74182.html
7. *2024 Was Another Bad Year for Healthcare Ransomware Attacks*. https://www.hipaajournal.com/2024-was-another-bad-year-for-healthcare-ransomware-attacks/
8. *Europe's Hospital IT Leaders in Germany, France, and Italy ...*. https://finance.yahoo.com/news/europes-hospital-leaders-germany-france-161500893.html
9. *Cybersecurity Threat Landscape in healthcare 2024 - Z-CERT* [PDF]. https://z-cert.nl/assets/downloads/Dreigingsbeeld-ENG.pdf
10. *How Healthcare Cyberattacks Broke Records in 2024*. https://www.bankinfosecurity.com/how-healthcare-cyber-attacks-broke-records-in-2024-a-27116
11. *Ransomware Attacks in Europe Revealed (2023-2025) - Tic Tac*. https://tictac.gr/en/blog/ransomware-attacks-in-europe/
12. *European Commission cloud breach: a supply-chain ...*. https://cert.europa.eu/blog/european-commission-cloud-breach-trivy-supply-chain
13. *The European Commission confirmed a cyberattack affecting part of ...*. https://securityaffairs.com/190067/data-breach/the-european-commission-confirmed-a-cyberattack-affecting-part-of-its-cloud-systems.html
14. *ERP platform data breach exposes 300000 business records*. https://www.secureblink.com/cyber-security-news/erp-platform-data-breach-exposes-300000-business-records-50k-buyers-and-sellers-affected
15. *SuperOffice Sees Record Growth Amid Market Shift*. http://superoffice.com/news/press-release/superoffice-sees-growth-amid-market-shift
16. *2023 MOVEit data breach*. https://en.wikipedia.org/wiki/2023_MOVEit_data_breach
17. *Zellis Security Rating, Vendor Risk Report, and Data ...*. https://www.upguard.com/security-report/zellis-com
18. *EU cyber agency attributes major data breach to TeamPCP hacking ...*. https://therecord.media/european-commission-cyberattack-teampcp
19. *BBC, Boots and BA see employee data hit in cyberattack*. https://www.personneltoday.com/hr/moveit-cyberattack-zellis/
20. *Aareal Bank and Advent International to sell Aareon to TPG*. http://tpg.com/news-and-insights/aareal-bank-and-advent-international-to-sell-aareon-to-tpg-for-approximately-e-3-9-billion
21. *The ICO's Annual Report 2024/25: Key Insights - Burges Salmon*. https://www.burges-salmon.com/articles/102kv8m/the-icos-annual-report-2024-25-key-insights/
22. *Data security incident trends | ICO*. https://ico.org.uk/action-weve-taken/complaints-and-concerns-data-sets/data-security-incident-trends/
23. *Cyber security breaches survey 2025/2026*. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-20252026/cyber-security-breaches-survey-20252026
24. *ICO Annual Report 2024-25 - Society for Computers & Law*. https://www.scl.org/ico-annual-report-2024-25/
25. *Annual Report 2024 - ICO* [PDF]. https://ico.org.uk/media2/migrated/4030348/annual-report-2023-24.pdf
26. *GDPR Fines Hit EUR 1.2Bn in 2024 - 363 Data Breaches Per Day*. https://nhimg.org/gdpr-fines-hit-eur-12bn-in-2024-363-data-breaches-per-day
27. *EDPB annual report 2024: protecting personal data in a ...*. https://www.edpb.europa.eu/news/news/2025/edpb-annual-report-2024-protecting-personal-data-changing-landscape_en
28. *DLA Piper GDPR Fines and Data Breach Survey: January 2024*. https://www.dlapiper.com/insights/publications/2024/01/dla-piper-gdpr-fines-and-data-breach-survey-january-2024
29. *Personal data breaches in Europe reach 443 per day in ... - DLA Piper*. https://www.dlapiper.com/news/2026/02/personal-data-breaches-in-europe-reach-443-per-day-in-dramatic-22-jump-dla-piper-analysis-reveals
30. *[PDF] DLA Piper GDPR fines and data breach survey*. https://blogs.dlapiper.com/advocatus/files/2025/01/dla-piper-fines-and-data-breach-survey-2025.pdf
31. *Data Protection Commission publishes 2024 Annual Report*. https://dataprotection.ie/en/data-protection-commission-publishes-2024-annual-report
32. *The CNIL publishes its annual report for 2023*. https://www.cnil.fr/en/cnil-publishes-its-annual-report-2023
33. *Annual report: CNIL's achievements and key actions in 2025*. https://www.cnil.fr/en/annual-report-2025
34. *Annual Report 2024*. https://dataprotection.ie/annualreport2024/
35. *Protection des données - VIASANTÉ Mutuelle*. http://viasante.fr/protection-des-donnees
36. *MOVEit hack: BBC, BA and Boots among cyber attack victims*. https://www.bbc.com/news/technology-65814104
37. *BBC and British Airways affected by data breach at payroll ...*. https://therecord.media/bbc-british-airways-hit-by-zellis-zero-day
38. *BA, BBC and Boots caught up in file transfer hack*. http://reuters.com/technology/british-airways-boots-staff-suffers-possible-data-breach-telegraph-2023-06-05
39. *NHS IT supplier held to ransom by hackers*. https://www.bbc.com/news/technology-62506039
40. *Major NHS Supplier hit by Ransomware Attack*. https://paradisecomputing.co.uk/resources/paradise-blog/major-nhs-supplier-hit-by-ransomware-attack
41. *ICO fines Advanced £3m following 2022 ransomware attack*. https://legaltechnology.com/2025/03/28/ico-fines-advanced-3m-following-2022-ransomware-attack-comment/
42. *NHS software provider fined £3m over data breach - BBC*. https://www.bbc.com/news/articles/cp3yv1zxn94o
43. *Advanced Computer Software Group Fined £3m by ICO for NHS ...*. https://measuredcollective.com/advanced-computer-software-group-fined-3m-by-ico-for-nhs-ransomware-data-breach-2025/
44. *Aon's 2023 Global Risk Management Survey Highlights ...*. https://macaubusiness.com/aons-2023-global-risk-management-survey-highlights-cyber-attack-data-breach-as-the-number-one-business-risk-for-organisations-in-asia-pacific/
45. *Global Data Breaches and Cyber Attacks in December 2023*. https://grcsolutions.io/global-data-breaches-and-cyber-attacks-in-december-2023-2241916765-records-breached/
46. *The Allen & Overy Ransomware Incident: What You Need ...*. https://assured.co.uk/2023/the-allen-overy-ransomware-incident-what-you-need-to-know/
47. *Aareon - Wikipedia*. http://en.wikipedia.org/wiki/Aareon
48. *Aareon*. http://aareon.com/
49. *Xplain hack: initial findings from data analyses indicate ...*. https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2023/xplain_2.html
50. *Switzerland says government data stolen in ransomware ...*. https://www.bleepingcomputer.com/news/security/switzerland-says-government-data-stolen-in-ransomware-attack/
51. *Healthcare Data Breaches: Insights and Implications - PMC*. https://pmc.ncbi.nlm.nih.gov/articles/PMC7349636/
52. *Federal Administration also impacted by Xplain hack*. https://www.ncsc.admin.ch/ncsc/en/home/aktuell/im-fokus/2023/xplain.html
53. *Xplain data leak*. https://www.ar.admin.ch/en/xplain-en
54. *Advanced Computer Software Group Limited | ICO*. https://ico.org.uk/action-weve-taken/enforcement/2025/03/advanced-computer-software-group-limited/
55. *Software provider fined £3m following 2022 ransomware attack - ICO*. https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2025/03/software-provider-fined-3m-following-2022-ransomware-attack/
56. *ICO fines Processor £3.07m for UK GDPR security failings*. https://cms.law/en/gbr/legal-updates/processor-fined-3m-following-data-breach
57. *UK Software Firm Fined £3 Million Over Ransomware ...*. http://securityweek.com/uk-software-firm-fined-3-million-over-ransomware-caused-data-breach
58. *What can we learn from Visma's cybersecurity breach?*. https://techhq.com/news/what-can-we-learn-from-vismas-cybersecurity-breach/
59. *Responsible Disclosure of Odoo Security Vulnerabilities*. https://www.odoo.com/security-report
60. *European Commission Confirms Cloud Data Breach*. https://www.infosecurity-magazine.com/news/european-commission-cloud-data/
61. *Crunch*. https://platform.tracxn.com/a/d/company/531942f3e4b0f7e165f4ad2c/crunch?utm_source=parallel&utm_medium=ai#a:about
62. *Odoo Security Rating, Vendor Risk Report, and Data Breaches*. https://www.upguard.com/security-report/odoo-com
63. *NHS GP software supplier hit by cyber attack*. https://www.digitalhealth.net/2025/12/nhs-gp-software-supplier-hit-by-cyber-attack/
64. *The Medibase Group Data Breach Lawsuit Investigation*. https://www.classaction.org/data-breach-lawsuits/the-medibase-group-inc-july-2024
65. *Suspected cyber attack affects major GP software supplier*. https://www.pulsetoday.co.uk/news/technology/suspected-cyber-attack-affects-major-gp-software-supplier/
66. *Perception*. https://platform.tracxn.com/a/d/company/5904943de4b0096bd00f68ce/perception?utm_source=parallel&utm_medium=ai#a:about
67. *Hackers breach internal servers of tech provider for ...*. https://therecord.media/uk-nhs-tech-provider-dxs-discloses-hack
68. *Pipedrive Security Rating, Vendor Risk Report, and Data Breaches*. https://www.upguard.com/security-report/pipedrive
69. *Are We Mourning CLM? | Summize*. https://www.summize.com/resources/are-we-mourning-clm
70. *When Your Legal Tech Vendor Gets Breached: DocketWise Incident ...*. https://complexdiscovery.com/when-your-legal-tech-vendor-gets-breached-docketwise-incident-exposes-116666-immigration-records-and-a-professions-blind-spot/
71. *Wikipedia — Juro (company)*. http://en.wikipedia.org/wiki/Juro_%28company%29
72. *BREAKING: UNC6395 – The Biggest SaaS Breach of 2025*. https://www.obsidiansecurity.com/blog/unc6395-salesloft
73. *Cyber attack on payroll and HR company disrupts services ...*. https://www.bitdefender.com/en-us/blog/hotforsecurity/cyber-attack-on-payroll-and-hr-company-disrupts-services-in-uk-and-ireland
74. *Recent Data Loss - Personio Voyager Community*. https://community.personio.com/other-topics-31/recent-data-loss-4429
75. *Payroll data security risks companies can't ignore*. https://rsmus.com/insights/services/financial-management/payroll-data-security-risks-companies-ignore.html
76. *Arbitrary Code Execution via AI Agent Interaction with ...*. http://varutra.com/ctp/threatpost/postDetails/Arbitrary-Code-Execution-via-AI-Agent-Interaction-with-Malicious-Git-Repositories-in-Cursor-IDE/WG5vTnRmYmhJR3UyTmoyZml4SzIvUT09
77. *SD Worx shuts down UK and Irish services amid cyberattack*. https://www.siliconrepublic.com/enterprise/sd-worx-cyberattack-uk-ireland
78. *Cloud computing - statistics on the use by enterprises*. https://ec.europa.eu/eurostat/statistics-explained/index.php?title=Cloud_computing_-_statistics_on_the_use_by_enterprises
79. *2024 Vertical & SMB SaaS Benchmark Report - Tidemark*. https://www.tidemarkcap.com/post/2024-vertical-smb-saas-benchmark-report
80. *Software as a Service [SaaS] Market Size, Global Report, 2034*. https://www.fortunebusinessinsights.com/software-as-a-service-saas-market-102222
81. *[PDF] Cloud computing - statistics on the use by enterprises Statistics ...*. https://ec.europa.eu/eurostat/statistics-explained/SEPDF/cache/37043.pdf
82. *45% EU enterprises bought cloud services in 2023 - European Union*. https://ec.europa.eu/eurostat/web/products-eurostat-news/w/ddn-20231208-1
83. *NHS software provider to pay £3m ICO fine over patient ...*. https://www.pulsetoday.co.uk/news/technology/nhs-software-provider-to-pay-3m-ico-fine-over-patient-data-hack/
84. *NHS GP Software Supplier DXS International Hit by ...*. https://breached.company/nhs-gp-software-supplier-dxs-international-hit-by-devman-ransomware-attack/
85. *NHS supplier DXS International confirms cyber attack*. https://www.itpro.com/security/cyber-attacks/nhs-supplier-dxs-international-confirms-cyber-attack-heres-what-we-know-so-far
86. *SD Worx shuts down UK payroll, HR services after ...*. https://www.bleepingcomputer.com/news/security/sd-worx-shuts-down-uk-payroll-hr-services-after-cyberattack/
87. *Latest SD Worx news*. https://www.bleepingcomputer.com/tag/sd-worx/
88. *Latest Payroll news*. https://www.bleepingcomputer.com/tag/payroll/
89. *SD Worx pauses HR operations after cyberattack | UNLEASH*. https://www.unleash.ai/payroll/sd-worx-cyberattack/
90. *UK Cyber Security Breaches Survey 2025/2026: Key Takeaways*. https://www.alstonprivacy.com/uk-cyber-security-breaches-survey-2025-2026-key-takeaways/
91. *Cyber security breaches survey 2024*. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2024/cyber-security-breaches-survey-2024
92. *Cyber security breaches survey 2025 - GOV.UK*. https://www.gov.uk/government/statistics/cyber-security-breaches-survey-2025/cyber-security-breaches-survey-2025
93. *2024 Report on the State of the Cybersecurity in the Union*. https://www.enisa.europa.eu/publications/2024-report-on-the-state-of-the-cybersecurity-in-the-union
94. *897 victims for Germany*. https://www.ransomware.live/map/DE
95. *[PDF] Annual report P&I Personal & Informatik AG*. https://www.pi-ag.com/documents/2023-PuI_Geschaeftsbericht_EN.pdf
96. *Payroll/HR Giant PrismHR Hit by Ransomware? - Krebs on Security*. https://krebsonsecurity.com/2021/03/payroll-hr-giant-prismhr-hit-by-ransomware/
97. *P&I LogaHR Reviews & Features 2026 - OMR*. https://omr.com/en/reviews/product/p-i-logahr
98. *Privacy statement - KALDEWEI*. https://www.kaldewei.com/privacy-statement/
99. *Managing Contracts - Legisway - Wolters Kluwer*. https://www.wolterskluwer.com/en/solutions/legisway/managing-contracts
100. *Legisway Alternative: Full Legal Suite or Purpose-Built CLM? - Zefort*. https://zefort.com/blog/legisway-alternative/
101. *Meddbase: Online Web Based Practice Management Software*. https://www.meddbase.com/us/
102. *Medesk*. https://platform.tracxn.com/a/d/company/59059cd0e4b02ce7b11fbb6f/medesk?utm_source=parallel&utm_medium=ai#a:about
103. *ClinicSoftware*. https://platform.tracxn.com/a/d/company/55f16d1ee4b03acd9c343273/clinicsoftware?utm_source=parallel&utm_medium=ai#a:about
104. *Teamleader: CRM, invoices, quotations and projects in one tool*. https://www.teamleader.eu/
105. *ERP system for SMEs: Visma vs. Odoo*. https://www.kilurion.com/en/blog/news-2/erp-system-for-smes-visma-vs-odoo-10
106. *Exact business software for SMEs and their accountants*. https://www.exact.com/us
107. *Connect WorkFlex with your HR and travel tools*. http://workflex.com/partners-integrations
108. *SuperOffice vs Pipedrive (2026): Data‑driven comparison*. https://www.rfp.wiki/crm-marketing/superoffice/pipedrive
109. *Cyber-attacks leave SMEs with hefty fines and uncertain futures*. https://www.hiscoxgroup.com/news/press-releases/2025/29-09-25
110. *Emerging cyber threats for accountants in 2025 (UK/EMEA)*. https://www.kennedyslaw.com/en/thought-leadership/article/2025/emerging-cyber-threats-for-accountants-in-2025-ukemea/
111. *Clawdbot creator Peter Steinberger says he is changing ...*. https://www.techmeme.com/260127/p31
112. *Global Data Breaches and Cyber Attacks in July 2025*. https://grcsolutions.io/global-data-breaches-and-cyber-attacks-in-july-2025/
113. *Meta blocks users from sharing links to ICE List, which ...*. https://www.techmeme.com/260127/p47
114. *The Salesforce Breach Wave Of 2025: Google, Workday ...*. https://www.blackfog.com/the-salesforce-breach-wave-of-2025/
115. *Allianz Life Data Breach 2025: 1.4M Customers Exposed*. https://cypro.co.uk/insights/allianz-life-data-breach-2025/

