There has been a mixed response to plans by the European Commission to force firms to reveal they have been victims of a data breach.
The EC wants to extend the need to report breaches from the telco sector to include energy, transport, health and government.
The expectation is that the fear of incurring brand damage by having to publicly reveal a breach will encourage better cyber security practices.
But some feel that the proposals don't go far enough with Ernst & Young calling for more firms to be obliged to report breaches.
"The Commission is right to extend the obligation to report significant cyber incidents beyond telecoms companies to include organisations in the energy, transport, health and eGovernment sectors. But, even that doesn’t go far enough," said Mark Brown, director of information security at Ernst & Young.
"Services from the online economy that touch the lives of millions of people are now available in every sector. It is by collaboration and transparency across the business life cycle - from investors right through to customers that awareness can be raised and future incidents can be prevented, while exploiting the full benefits of the online economy," he added.
In the other camp those arguing against the extension of data breach revelations have called for a voluntary rather than mandatory approach.
“Mandatory reporting ignores the sensitive issues at stake around business reputation. It is important to build awareness of cyber attacks, but this should be done through voluntary sharing of information," said Matthew Fell, CBI director for competitive markets.