RSM warns of increased cyber-attack threat for middle market businesses

Over a quarter (27%) of middle market businesses have experienced a cyber-attack in the past year, up from one in five (20%) last year, according to RSM’s ‘The Real Economy’ report.

However, despite a “significant increase” in cyber-attacks, the number of businesses that think they are likely to fall victim has fallen. The research found the number of businesses that felt they are ‘very likely’ to fall victim to a ransomware attack has actually fallen significantly, from 34% in 2021 to just 24% this year.

Ransomware attacks, where hackers either steal or encrypt data, rendering it inaccessible, then hold a business to ransom for it, have escalated 100% since the pandemic, according to the Information Commissioner’s Office (ICO).

RSM revealed attacks are expected to rise further in future, partly due to changing external events such as increases in inflation, volatile financial markets and the current Russia-Ukraine situation.

Researchers for the cyber economy, Cybersecurity Ventures predict that by 2031 ransomware will cost victims $265bn (£211bn) a year, with an attack expected to take place every 2 seconds, up from every 11 seconds in 2021.

The Real Economy research found 17% of businesses have been targeted with ransomware more than once, compared to only 11% last year. The figures may suggest a level of complacency has set in among middle market businesses, leaving them vulnerable to future attacks.

Sheila Pancholi, technology risk assurance partner at RSM UK, said: “The rapid shift to home working brought about by Covid meant businesses were initially more aware of the need for tighter cyber security measures as people logged on to work from home, often utilising their own unsecured devices.

“Now, as many middle market companies have already made an initial investment in protecting their business, there is a risk they mistakenly believe they have done enough, and have now developed a false sense of security. In reality, cyber security is an ongoing process, as criminals are constantly evolving, developing new attack techniques and seeking out new vulnerabilities.”

She added: “To keep one step ahead of the cyber criminals, businesses need to ensure IT systems remain secure, and continually review cyber security measures to ensure they are as robust as they possibly can be.”