Comparing US and UK cyber security risk perspectives

We now live in a global business environment, with middle market companies providing and receiving products and services all over the world. But while understanding risks at home is certainly important, organizations must also know the threats that are prevalent in the countries where they do business.

A significant number of U.S.-based companies have business interests in the U.K. or may be considering future expansion in the region. With data from the RSM UK Middle Market Business Index Cyber security Special Report, we can make key comparisons to cyber security threats and strategies in the United States and provide insight into how companies may address U.K. risks moving forward. 

1. More breaches occurred in the U.K., but more executives expect attempts in the U.S.

In the United States, 22 per cent of respondents experienced a data breach in the last year, while 34 per cent of U.K. executives reported one. However, while 72 per cent of U.S. respondents expect unauthorized users to attempt to access data or systems in 2022, 67 per cent of U.K. counterparts expect a breach attempt. The risks are high in both countries, but with reported breaches more than doubling in the past year, U.K. companies may need to implement additional controls or adjust cyber security strategies. 

2. U.S. companies experienced more business takeover attempts, but criminals were more successful in the U.K.

Forty-five percent of U.S. respondents had outside parties attempt to manipulate employees by pretending to be trusted third-parties or company executives, with 27 per cent of those companies ultimately suffering successful attacks. Meanwhile, 39 per cent of U.K. companies reported a manipulation attempt, but 64 per cent of those organizations experienced a successful attack. The manipulation attempts and successful breaches were both down in the U.S. this year, while the U.K. saw significant increases in both metrics. More U.K. companies provide training, but with attacks on the rise and more of their employees acting on fraudulent requests, more or more targeted training may be necessary. 

3. The ransomware threat is more pronounced in the United States—for now.

More middle market executives in the United States reported a ransomware attack than in the U.K. (23 per cent versus 19 per cent), but the gap is narrowing. We are seeing a shift in both countries though, but in different directions. Only 11 per cent of U.K. middle market organizations reported an attack in last year’s data, while U.S. executives have experienced a drop from 33 per cent in 2021. In addition, more U.K. companies expect an attack in the coming year (72 per cent compared to 62 per cent). Ransomware cases had been steadily on the rise in the U.S. prior to this year’s data, and unfortunately it was only a matter of time before the threat became more pervasive in the U.K. 

4. Cyber insurance is now more extensively leveraged in the United Kingdom. 

Cyber insurance became much more popular overseas in the last year, with slightly more survey respondents now carrying a policy in the U.K. than in the United States (62 per cent versus 61 per cent). The number of respondents whose companies have coverage has stayed fairly consistent in recent years in the U.S., but U.K. middle market leaders reported a significant jump, considering only 40 per cent in last year’s report said they carried a policy. Policies have been seen as more restrictive recently in the U.S., but U.K companies are likely now seeing more benefits of coverage as breach attempts continue to increase. 

5. More U.K. middle market companies now leverage the cloud for data security.

In this year’s data, 49 per cent of U.K. middle market companies moved or migrated information to the cloud for security concerns, compared to 36 per cent in the United States. While the amount of U.S. respondents utilizing the cloud for security reasons dropped slightly, the U.K.’s usage grew sharply from 27 per cent last year. An overwhelming number of executives in both countries whose businesses leverage the cloud feel their data is more secure, and U.K. respondents are adopting cloud strategies more often to help address increasing risks.

Organizations with U.S. and U.K. operations must understand the nuances of cyber risks abroad and protections that may be underutilized. With this knowledge, leaders can develop a more effective and comprehensive cyber security approach, and better protect sensitive data and systems.