• Swindon & Wiltshire News
• Wednesday May 25 2022
• Author Name: Peter Davison

One in three middle market businesses don’t understand cyber threat, RSM survey says

A third of middle-market businesses have admitted their board does not understand the cyber threat landscape enough to accurately assess their level of risk, according to The Real Economy report from audit tax and consulting firm RSM.

The report also highlighted that a third of the 415 businesses surveyed had experienced difficulties recruiting cyber security experts with the right skills and experience to help safeguard against cyber threats.

Kate Reid, office managing partner, RSM Bristol, said: “The research is concerning, and suggests that in the current climate of increased risk, boards need to be much more attuned to the threats posed by the Russia-Ukraine conflict, volatile financial markets, speed of technology transformation and increased home working.

“In order to fully protect themselves, boards need to ensure they receive the right information from their IT teams or suppliers and encourage a culture of trust, openness and vigilance throughout the business.”

The Real Economy report also identified that, despite cybercrime increasing by 100 per cent since the pandemic, a quarter of businesses have not considered cyber insurance, leaving themselves exposed to potential financial and operational loss and reputational damage.

“Over a third of businesses (35%) say this is because they don’t understand what cyber insurance should cover.

Of the 62 per cent of businesses that do have a cyber insurance policy in place, understanding of what the policy covers them for has declined over the past year, with only a quarter (25 per cent) saying they are ‘very familiar’ with what’s covered, compared to 40 per cent in 2021.

The research also found confidence in current measures to safeguard sensitive customer data has dropped, from almost half of middle-market businesses (47 per cent) feeling ‘very confident’ in 2021 to just over a third (35 per cent) feeling ‘very confident’ this year.

This loss of confidence is justified, as the increase in ransomware attacks demonstrates cybercriminals are focusing efforts on ringfencing data that is key to an organisation’s continued operation.

Increasing security protocols remains the top action taken to enhance IT and data security in response to widely publicised data breaches (47 per cent), followed by updating privacy policies (42 per cent) and engaging data security consultants (41 per cent).

Only four per cent of businesses failed to take any action in response to high profile cases of data breaches reported in the media.

“It’s essential that board members educate themselves and their workforce about the increased risks and how to mitigate these in a continually evolving cyber threat landscape,” said Kate.

“With cyber-crime now occurring on an industrial scale across all sectors, no business can afford to ignore it. Every business should have a cyber incident response plan in place. Cyber security should be central to every business’s strategic and operational risk management process.”