RSM: One in three middle-market businesses don’t understand cyber threat


Paul O'Leary

A third of middle-market businesses (33%) have admitted their board does not understand the cyber threat landscape enough to accurately assess their level of risk, according to a new survey carried out by audit, tax and consulting firm RSM UK. 

‘The Real Economy’ report also highlighted that a third (33%) of the 415 businesses surveyed had experienced difficulties recruiting cyber security experts with the right skills and experience to help safeguard against cyber threats.

Paul O’Leary, technology risk assurance partner, RSM UK said: “The research is concerning, and suggests that in the current climate of increased risk, boards need to be much more attuned to the threats posed by the Russia-Ukraine conflict, volatile financial markets, speed of technology transformation and increased home working. In order to fully protect themselves, boards need to ensure they receive the right information from their IT teams or suppliers and encourage a culture of trust, openness and vigilance throughout the business.



“Given the level of M&A and technology-fuelled change activity we are currently seeing in the North and Scotland this year, the increased risk is critical for boards to understand in order to protect their business’s brand and value.”

The Real Economy report also identified that, despite cyber crime increasing by 100% since the pandemic, a quarter of businesses have not considered cyber insurance, leaving themselves exposed to potential financial and operational loss and reputational damage. Over a third of businesses (35%) say this is because they don’t understand what cyber insurance should cover.

Of the 62% of businesses that do have a cyber insurance policy in place, understanding of what the policy covers them for has declined over the past year, with only a quarter (25%) saying they are ‘very familiar’ with what’s covered, compared to 40% in 2021.

The research also found confidence in current measures to safeguard sensitive customer data has dropped, from almost half of middle-market businesses (47%) feeling ‘very confident’ in 2021 to just over a third (35%) feeling ‘very confident’ this year. This loss of confidence is justified, as the increase in ransomware attacks demonstrates cybercriminals are focusing efforts on ringfencing data that is key to an organisation’s continued operation.

Increasing security protocols remains the top action taken to enhance IT and data security in response to widely publicised data breaches (47%), followed by updating privacy policies (42%) and engaging data security consultants (41%). Only 4% of businesses failed to take any action in response to high profile cases of data breaches reported in the media.

Paul O’Leary concluded: “It’s essential that board members educate themselves and their workforce about the increased risks and how to mitigate these in a continually evolving cyber threat landscape. With cyber-crime now occurring on an industrial scale across all sectors, no business can afford to ignore it. Every business should have a cyber incident response plan in place. Cyber security should be central to every business’s strategic and operational risk management process.”
