Fears businesses too slow to respond to data breach reforms