According to a new report from the EU’s cyber security agency European Network and Information Security Agency (ENISA), most cyber security incidents are often not reported or detected even though they can affect millions of citizens and businesses.

In recent years, there have been examples of cyber security incidents with significant impacts on society, such as the British data center failure in 2011 while interrupted millions of business communications worldwide, and the storm Dagmar which, also in 2011, wrecked millions of Scandinavian communication links, according to an article from EurActiv.

However, most incidents are rarely reported.

“Cyber incidents are most commonly kept secret when discovered, leaving customers and policymakers in the dark about frequency, impact and root causes,” Dr. Marnix Dekker and Chris Karsberg, the report’s co-authors, said in a statement.

The new study concludes that the EU-wide sharing of incident reports has to be improved, the article says. In only one of the above-mentioned incidents was within the scope of national regulatory mandates, indicating gaps in regulation.

Therefore, an ENISA working group for national regulators has developed both a common set of security measures and an incident reporting format, the EurActiv report says.

ENISA has recently received reports on 51 large incidents from the regulators, describing impact, root causes, actions taken and lessons learned, which is used as input for the European cyber security strategy and the European cyber security exercise.