Cyber security

The changing cyber threat landscape presents a serious risk to the middle market. Growing awareness in the middle market has helped businesses arm themselves against the threat. But staying ahead of cyber-crime takes constant work.  

With real time data directly from the middle market and analysis from RSM’s technology risk experts, explore the key threats to the middle market and what businesses are doing to protect themselves in our cyber security report. 

Cases of successful cyber-attacks had increased by 7 per cent – the actual number is most likely much higher. Positively, businesses are taking significant action to protect themselves from the threat. Half of our respondents had increased their investment in cyber security. Many still feel like an attack over the next year is likely, and awareness of the threat of cyber-crime is helping to drive protective action. A large portion of our respondents have updated protocols and policies, engaged consultants and reinforced remote working solutions. 

Our latest Cyber Security report looks at ransomware as a particularly concerning threat to the middle market. 72 per cent of our respondents felt they could be at risk of an attack over the next 12 months. One troubling development here is the availability of ransomware as a service – more commonly known as RaaS. Crime as a service means that the number of would-be criminals out there could be infinite, which poses a huge risk to businesses. It’s accessible and tends to produce results. 

The pandemic accelerated businesses’ appetite for digital transformation. 55 per cent of our middle market business leaders have adopted a cloud-first strategy, up from only 36 per cent in 2021. The benefits of cloud are clear – capacity management, efficiency, operational resilience – but it’s important that businesses are using reputable and certified providers.

We asked our middle market business leaders how they felt about their own board. A third felt that their Board did not have a comprehensive understanding of the threat landscape to the extent that they are able to determine the level of organisational risk appetite. The leadership is a pivotal cornerstone in any business’s cyber security strategy. It sets an example for the business, makes the decisions around investment into security measures and, ultimately, is responsible for any attack. It is therefore essential that any Board has someone with knowledge at the table.