One In Three Middle Market Businesses Don’t Understand Cyber Threat
25th May 2022
A third of middle market businesses* (33%) have admitted their board does not understand the cyber threat landscape enough to accurately assess their level of risk. Leading audit, tax and consulting firm RSM UK’s ‘The Real Economy’ report also highlighted that a third (33%) of the 415 businesses surveyed had experienced difficulties recruiting cyber security experts with the right skills and experience to help safeguard against cyber threats.
Paul Anthony, regional managing partner, RSM South, said: ‘The research is concerning, and suggests that in the current climate of increased risk, boards need to be much more attuned to the threats posed by the Russia-Ukraine conflict, volatile financial markets, speed of technology transformation and increased home working. In order to fully protect themselves, boards need to ensure they receive the right information from their IT teams or suppliers and encourage a culture of trust, openness and vigilance throughout the business.’
The Real Economy report also identified that, despite cyber crime increasing by 100% since the pandemic,** a quarter of businesses have not considered cyber insurance, leaving themselves exposed to potential financial and operational loss and reputational damage. Over a third of businesses (35%) say this is because they don’t understand what cyber insurance should cover.
Of the 62% of businesses that do have a cyber insurance policy in place, understanding of what the policy covers them for has declined over the past year, with only a quarter (25%) saying they are ‘very familiar’ with what’s covered, compared to 40% in 2021.
The research also found confidence in current measures to safeguard sensitive customer data has dropped, from almost half of middle market businesses (47%) feeling ‘very confident’ in 2021 to just over a third (35%) feeling ‘very confident’ this year. This loss of confidence is justified, as the increase in ransomware attacks demonstrates cybercriminals are focusing efforts on ringfencing data that is key to an organisation’s continued operation.
Increasing security protocols remains the top action taken to enhance IT and data security in response to widely publicised data breaches (47%), followed by updating privacy policies (42%) and engaging data security consultants (41%). Only 4% of businesses failed to take any action in response to high profile cases of data breaches reported in the media.
Paul Anthony concludes: ‘It’s essential that board members educate themselves and their workforce about the increased risks and how to mitigate these in a continually evolving cyber threat landscape. With cyber-crime now occurring on an industrial scale across all sectors, no business can afford to ignore it. Every business should have a cyber incident response plan in place. Cyber security should be central to every business’s strategic and operational risk management process.’
Actions taken to enhance data security
| Action taken | Businesses |
|---|---|
| 1) Updated security protocols | 47% |
| 2) Updated privacy policies | 42% |
| 3) Engaged data security consultants | 41% |
| 4) Recruited data security staff | 40% |
| 5) Enhanced the security of existing remote workforce solutions | 38% |
| 6) Enhanced staff training/education efforts | 33% |
| 7) Developed new remote workforce solutions | 33% |
| 8) Purchased new or upgraded hardware | 29% |
| 9) Purchased new or upgraded software | 27% |
| 10) No action taken | 4% |
Note: percentages based on those who responded ‘yes’ to individual actions