Governance
Keep your security policy and procedures up-to-date and well publicised internally.
The changing cyber threat landscape presents a serious risk to the middle market. Growing awareness in the middle market has helped businesses arm themselves against the threat. But staying ahead of cyber-crime takes constant work.
With real time data directly from the middle market and analysis from RSM’s technology risk experts, explore the key threats to the middle market and what businesses are doing to protect themselves in our cyber security report.
Cases of successful cyber-attacks had increased by 7 per cent – the actual number is most likely much higher. Positively, businesses are taking significant action to protect themselves from the threat. Half of our respondents had increased their investment in cyber security. Many still feel like an attack over the next year is likely, and awareness of the threat of cyber-crime is helping to drive protective action. A large portion of our respondents have updated protocols and policies, engaged consultants and reinforced remote working solutions.
Our latest Cyber Security report looks at ransomware as a particularly concerning threat to the middle market. 72 per cent of our respondents felt they could be at risk of an attack over the next 12 months. One troubling development here is the availability of ransomware as a service – more commonly known as RaaS. Crime as a service means that the number of would-be criminals out there could be infinite, which poses a huge risk to businesses. It’s accessible and tends to produce results.
The pandemic accelerated businesses’ appetite for digital transformation. 55 per cent of our middle market business leaders have adopted a cloud-first strategy, up from only 36 per cent in 2021. The benefits of cloud are clear – capacity management, efficiency, operational resilience – but it’s important that businesses are using reputable and certified providers.
We asked our middle market business leaders how they felt about their own board. A third felt that their Board did not have a comprehensive understanding of the threat landscape to the extent that they are able to determine the level of organisational risk appetite. The leadership is a pivotal cornerstone in any business’s cyber security strategy. It sets an example for the business, makes the decisions around investment into security measures and, ultimately, is responsible for any attack. It is therefore essential that any Board has someone with knowledge at the table.
Leadership needs to know all the details, however uncomfortable they are to hear. This means you need your people to trust you enough to be open about things.
Keep your security policy and procedures up-to-date and well publicised internally.
Get to know your organisation’s network and where your vulnerabilities are.
Implement or benchmark your cyber controls against industry standard frameworks.
Ongoing and regular testing is vital in creating a security culture.
Understand your assets, their risks and the potential impact of a security event.
Practice your recovery plans and incident response procedures.
We now live in a global business environment, with middle market companies providing and receiving products and services all over the world. But while understanding risks at home is certainly important, organizations must also know the threats that are prevalent in the countries where they do business.
As the tragic events in Ukraine unfold, their impact is being felt across the globe. The crisis will affect the already turbulent cyber threat landscape. The UK’s middle market needs to act now to protect itself from what could be coming.
Sign up here to stay updated with all the newest insights from The Real Economy.
You will be first to receive all our Real Economy content including topical reports, insights into the Middle Market Business Index and our related podcast episodes.