• Register
Return to: Home > News > Advisory > UK mid-market boards ignoring £30bn cyber risk

UK mid-market boards ignoring £30bn cyber risk

Research from Grant Thornton UK has identified cyber-attacks as a clear and present danger for mid-market businesses in the UK, but warns that boards are not effectively prepared to manage the risk. In the last 12 months, the total cost of cyber security breaches to UK mid-market businesses has reached at least £30bn yet 63 per cent of UK mid-market businesses do not have a board member responsible for cyber security.

More than half (53%) of the companies interviewed reported losses equivalent to 3-10% of revenue following a cyber-breach. For those businesses hit most severely, losses can reach up to 25% of revenue. Six per cent of the businesses surveyed reported a loss of this size (11 to 25% of revenue).

Despite this, the research found that almost two thirds (63%) of the companies interviewed had no board member with specific responsibility for cyber security and that the board does not formally review cyber security risks and management.

The organisations interviewed were also under-prepared in terms of making their people aware of cyber risks, with only one in three (36%) providing all their employees with cyber security training in the last 12 months.

Almost 70 per cent of the respondents felt confident in their ability to respond consistently at any time to a cyber-attack across their entire organisation. Conversely, over half of the businesses surveyed do not have a cyber incident response plan in place (59%). However, the research found that companies that have an incident response plan in place experience lower financial losses from a cyber-attack than those that don’t.

The report identifies six key areas that mid-market boards should be focusing on to ensure they are properly prepared, including;

  • establishing a cyber incident response plan
  • regularly rehearsing the response plan using a range of different scenarios
  • monitoring and managing the risk posed from their supply chain
  • ensuring they understand the terms of their insurance and what is covered
  • understanding what ‘normal’ looks like for their business, in terms of application usage, so they can identify any unfamiliar patterns
  • investing in regular training and raising their people’s awareness of cyber security.

Top Content

    South Africa: sensing new opportunities

    It has been an interesting couple of years for the profession in South Africa. A number of high-profile scandals have brought the profession and the role of auditors into sharp public focus, brewing a distrust towards accountants and a large expectations gap. Joe Pickard reports.

    read more

    Ghana: a quest for consistency

    Ghana’s current economic profile would suggest a fertile landscape for purveyors of accounting services. But inconsistent approaches to compliance and application of standards – coupled with problems in the banking sector and consequent liquidity constraints – have created a challenging environment. Paul Golden writes.

    read more

    Drone technology: audit takes to the skies

    The movement towards a digitised era has already impacted the auditing profession in a number of ways, from blockchain to artificial intelligence. Now firms are taking to sky and using drone technology in their audits. Mishelle Thurai speaks to Big Four firms to find out more.

    read more

    SBC: a new alliance joins the market

    Jonathan Minter speaks to Paul Tutin, chair of founding firm Streets Chartered Accountants, about why the business and its European partners took the decision to launch their own association.

    read more
Privacy Policy

We have updated our privacy policy. In the latest update it explains what cookies are and how we use them on our site. To learn more about cookies and their benefits, please view our privacy policy. Please be aware that parts of this site will not function correctly if you disable cookies. By continuing to use this site, you consent to our use of cookies in accordance with our privacy policy unless you have disabled them.