Member News

East Anglian businesses leaving themselves open to cyber-attacks, says RSM UK

Research published today by RSM UK highlights that, despite a significant increase in cyber-attacks, the number of businesses that think they are likely to fall victim has fallen.

According to RSM UK’s ‘The Real Economy’ report, over a quarter (27%) of middle market businesses* have experienced a cyber-attack in the past year, up from one in five (20%) last year. Yet despite the increased risk to the 2,339 middle market businesses in East Anglia, the research found the number of businesses that felt they are ‘very likely’ to fall victim to a ransomware attack has actually fallen significantly, from 34% in 2021 to just 24% this year.


Ransomware attacks, where hackers either steal or encrypt data, rendering it inaccessible, then hold a business to ransom for it, have escalated 100% since the pandemic, according to the Information Commissioner’s Office (ICO). They are expected to rise further in future, partly due to changing external events such as increases in inflation, volatile financial markets and the current Russia-Ukraine situation.


Earlier this month a survey by BT highlighted that 36% of SMEs in the East of England do not have the right cyber protection tools in place and are instead relying on products intended for consumer rather than business use. Leading researchers for the cyber economy, Cybersecurity Ventures predict that by 2031 ransomware will cost victims $265bn a year, with an attack expected to take place every 2 seconds, up from every 11 seconds in 2021.


There is also evidence that criminals like to return to the scene of the crime, re-visiting easy targets where they have carried out a successful attack, knowing defences are weak. The Real Economy research found 17% of businesses have been targeted with ransomware more than once, compared to only 11% last year. The figures may suggest a level of complacency has set in among middle market businesses, leaving them vulnerable to future attacks. Alternatively, those who have invested in cyber security tools, specialist resources and cyber insurance may wrongly think they no longer need to consider the ongoing cyber threats and are now adequately protected from all types of attacks.


In recent weeks, data extortion group LAPSUS$ has shown how teenaged cyber criminals with little financial resources can extort data from large companies including Microsoft, NVIDIA and Samsung. With such sophisticated and high-profile technology companies who invest significantly in cyber security still coming under threat, middle market businesses must remain vigilant to the threat of cyber-attacks.


Laragh Jeanroy, office managing partner for RSM in East Anglia said: ‘The rapid shift to home working brought about by Covid meant businesses were initially more aware of the need for tighter cyber security measures as people logged on to work from home, often utilising their own unsecured devices. Now, as many middle market companies have already made an initial investment in protecting their business, there is a risk they mistakenly believe they have done enough and have now developed a false sense of security. In reality, cyber security is an ongoing process, as criminals are constantly evolving, developing new attack techniques and seeking out new vulnerabilities. To keep one step ahead of the cyber criminals, businesses need to ensure IT systems remain secure, and continually review cyber security measures to ensure they are as robust as they possibly can be.’


Cyber-crime is now so prevalent that Ransomware is even available to buy as a service, more commonly known as RaaS (ransomware as a service). Criminal syndicates offer ransomware to would-be attackers, meaning quite often these criminals require very little technical knowledge to carry out an attack. This has increased the number of attacks that are possible exponentially. The current Russia-Ukraine situation means the threat of an attack, particularly on financial organisations or national infrastructure, is increased, as state sponsored groups carry out APTs (advanced persistent threats).


Laragh Jeanroy concludes: ‘With cyber criminals now operating on an industrial scale, it is sadly no longer possible to completely eliminate the possibility of an attack, but by remaining aware of the fast-evolving cyber threat landscape and vigilant to potential threats, businesses can reduce the risk considerably.’


Tips to prevent a cyber-attack:

·       Educate the senior executives in the business so they have a clear understanding of cyber risks

·       Keep all operating systems and software up to date to ensure the latest security patches are installed

·       Ensure systems are set up to automatically apply security updates

·       Back up all data, and ensure the backups are routinely tested for recoverability

·       Encrypt any data deemed as confidential, personal or commercially sensitive

·       Educate your staff about how to spot and report any possible threats or attacks

·       Use strong, complex passwords and multi-factor authentication

·       Ensure any online customer transactions are secure

·       Risk assess the need for specialist third party support or cyber insurance

·       Drive a strong security and awareness culture.


Media enquiries


RSM press office

Ed Dewar, Senior PR Manager, 07436 268484

Mel Matthews, PR Manager, 07436 268533

Notes to editor

Further information and a copy of the report can be viewed here.


*The research was carried out by The Harris Poll for RSM. 415 senior executives from UK middle market businesses defined as companies with a turnover between £10m and £750m or financial institutions with assets under management of £200m to £7.5bn were surveyed for the research.

Data for this survey was collected between 10 January and 31 January 2022. Information was collected online or via telephone from 415 executives meeting the set criteria. All individuals qualified as executive level decision makers working across all regions and a broad range of industries. Responses have been weighted to ensure a true representation of the UK economy.

Chart percentages may not equal 100 per cent due to rounding.

RSM is a leading audit, tax and consulting firm to the middle market with 3,660 partners and staff operating from 32 locations throughout the UK. For the year ending 31 March 2021, RSM generated revenues in excess of £376m. RSM UK is a member firm of RSM International - the sixth largest network of audit, tax and consulting firms globally. The network spans more than 120 countries, over 860 offices and more than 51,000 people, with global revenues of $7.26 billion (US).



Article by RSM


RSM is a leading provider of accountancy and business services. Our clients include growing entrepreneurial companies, owner-managed businesses, listed companies and high net-worth individuals.  We have a strong regional office network, with offices in most key cities throughout the UK, which enables us to provide a consistent national service in all our local markets. We are represented internationally through our independent membership of RSM International, the sixth largest worldwide network of independent audit, tax and advisory firms. With around 3,500 partners and staff in the UK and access to more than 43,000 people in over 120 countries across the RSM network, we can meet clients’ needs wherever in the world they operate.

For more information please contact our Bury St Edmunds office on 01284 763311 or visit