UK mid-market boards ignoring £30bn cyber risk

Research from Grant Thornton UK has identified cyber-attacks as a clear and present danger for mid-market businesses in the UK, but warns that boards are not effectively prepared to manage the risk. In the last 12 months, the total cost of cyber security breaches to UK mid-market businesses has reached at least £30bn, yet 63 per cent of UK mid-market businesses do not have a board member responsible for cyber security.

More than half (53%) of the companies interviewed reported losses equivalent to 3-10% of revenue following a cyber-breach. For those businesses hit most severely, losses can reach up to 25% of revenue. Six per cent of the businesses surveyed reported a loss of this size (11 to 25% of revenue).

Despite this, the research found that almost two thirds (63%) of the companies interviewed had no board member with specific responsibility for cyber security and that the board does not formally review cyber security risks and management.

The organisations interviewed were also under-prepared in terms of making their people aware of cyber risks, with only one in three (36%) providing all their employees with cyber security training in the last 12 months.

Almost 70 per cent of the respondents felt confident in their ability to respond consistently at any time to a cyber-attack across their entire organisation. Conversely, over half of the businesses surveyed (59%) do not have a cyber incident response plan in place. However, the research found that companies that have an incident response plan in place experience lower financial losses from a cyber-attack than those that don’t.

The report identifies six key areas that mid-market boards should be focusing on to ensure they are properly prepared, including:

  • establishing a cyber incident response plan
  • regularly rehearsing the response plan using a range of different scenarios
  • monitoring and managing the risk posed from their supply chain
  • ensuring they understand the terms of their insurance and what is covered
  • understanding what ‘normal’ looks like for their business, in terms of application usage, so they can identify any unfamiliar patterns
  • investing in regular training and raising their people’s awareness of cyber security.
