Mid-market firms vulnerable to cyber-crime, study finds

Immersive Labs

Cyber-crime and security breaches cost Britain’s mid-market businesses at least £30 billion in the last year alone, a leading audit and accountancy firm says.

Research conducted by Grant Thornton UK LLP reported that over half of interviewed companies (53%) said revenue had fallen by 3-10% in the wake of a data breach.

The companies hit hardest reported losses of up to 25% of revenue, while 6% of those surveyed said that a breach caused a loss of 11-25%.

In spite of the alarming findings, the study discovered that 63% of companies polled had no designated board member tasked with taking care of cyber-security issues. An incredible 63% said that no formal review structure was in place to address cyber-security and data management.

The organisations questioned also demonstrated a poor preparation with regards to developing a cyber-security conscience among their workers. Just 36% had given their employees cyber training over the course of the past year.

Commenting on the findings, partner and head of cyber consulting at Grant Thornton, James Arthur, said:

“Boards have a key role to play in ensuring an effective cyber strategy is in place. Putting cyber-crime onto the board’s agenda is one of the most effective ways to minimise the chances of a successful attack and reduce the financial impact if a breach occurs. With that in mind it is worrying that almost two thirds of the businesses we interviewed do not have a board member responsible for cyber security.

“While commitment from the top is vital, ensuring your people are properly trained is also essential. Often, companies make themselves vulnerable to attack simply by failing to get the basics right.

“Training to raise employee awareness can have a hugely positive impact on cyber security. People are often unaware of the important role they play in helping a business to stay protected, so companies of all sizes need to ensure they have regular and ongoing cyber security training in place.”


PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.

Privacy Culture: Data Privacy and Information Security Consulting, Culture & Behaviour, Training, and GDPR maturity, covered. https://www.privacyculture.com/