top of page

High-Profile Data Breaches Highlight Significant Data Threat


The NHS has become the latest organisation to be impacted by a cyber-attack on a third-party supplier providing critical services, causing huge disruption to patient care. RSM UK says this latest attack highlights the growing risk to organisations as cyber criminals continue to target third-party service providers. Last week a third-party which holds data for millions of Ticketmaster and Santander customers was hacked by the ShinyHunters hacker group, which is now threatening to sell the data.

According to RSM UK’s latest The Real Economy findings, over half (58%) of middle market businesses have had a third-party service provider suffer a data breach or cyber-attack in the last 12 months. Over a quarter of businesses surveyed (26%) confirmed that this impacted their business either financially, reputationally, or operationally, up from 17% in 2022.

Sheila Pancholi, partner at RSM UK, said: “As the technology landscape evolves, many businesses have outsourced their IT service provision, including cyber security. This shift in behaviour does not go unnoticed by fraudsters, who can see third-parties as a weak link in the security chain, which many are successfully exploiting. While outsourcing can bring the key expertise and skills a business needs, strengthen operational resilience, and scale-up quickly, it can also increase the risk of data security issues and regulatory compliance breaches.”


Stuart Leach, partner at RSM UK added: “The increase in third party breaches highlights the need for formal and extensive technology and cyber due diligence when selecting a third-party supplier."


"This ensures the proper controls and cyber defences are in place to mitigate risk. These defences should be tested at least annually."


"Those who have contracted work out to third parties may be held liable for the consequences, and have their business interrupted for considerable time."


"The reputational damage and loss of trust from customers that a cyber-attack can cause may take years to rebuild.”

Businesses should focus on the following:


  • Map your cyber footprint – this is everywhere your data is, and potentially includes providers without active agreements.

  • Understand your critical providers’ threat landscape and what the motivations of a cyber attacker might be.

  • Assess the potential impact to your business if a critical third-party provider is breached.

  • Assess your and your providers’ controls to manage cyber risk given their threat landscape.

Most Read

Family Business Founders Awarded Freedom Of The City Of London

Family Business Founders Awarded Freedom Of The City Of London

Dan Drogman and Tom Drogman, co-founders of Smart Spaces, have been made Freemen of the City of London, in recognition of their contribution to the City, innovation in the built environment, and international business leadership.

Bechtel Secures Contract Extension At Waste Isolation Pilot Plant

Bechtel Secures Contract Extension At Waste Isolation Pilot Plant

Bechtel announced it received a three-year extension from the U.S. Department of Energy (DOE) to continue managing and operating the Waste Isolation Pilot Plant (WIPP) in Carlsbad, New Mexico.

Leonard Curtis Secures £15M Finance Deal For Charles Trent

Leonard Curtis Secures £15M Finance Deal For Charles Trent

Leonard Curtis has secured a £15 million refinancing and growth facility for Charles Trent Limited, providing increased working capital and long-term headroom to support continued expansion, investment in innovation and the scaling of its circular-economy operations.

Categories

  • Writer: Paul Andrews
    Paul Andrews
  • Jun 6, 2024
  • 2 min read

The NHS has become the latest organisation to be impacted by a cyber-attack on a third-party supplier providing critical services, causing huge disruption to patient care. RSM UK says this latest attack highlights the growing risk to organisations as cyber criminals continue to target third-party service providers. Last week a third-party which holds data for millions of Ticketmaster and Santander customers was hacked by the ShinyHunters hacker group, which is now threatening to sell the data.

According to RSM UK’s latest The Real Economy findings, over half (58%) of middle market businesses have had a third-party service provider suffer a data breach or cyber-attack in the last 12 months. Over a quarter of businesses surveyed (26%) confirmed that this impacted their business either financially, reputationally, or operationally, up from 17% in 2022.

Sheila Pancholi, partner at RSM UK, said: “As the technology landscape evolves, many businesses have outsourced their IT service provision, including cyber security. This shift in behaviour does not go unnoticed by fraudsters, who can see third-parties as a weak link in the security chain, which many are successfully exploiting. While outsourcing can bring the key expertise and skills a business needs, strengthen operational resilience, and scale-up quickly, it can also increase the risk of data security issues and regulatory compliance breaches.”


Stuart Leach, partner at RSM UK added: “The increase in third party breaches highlights the need for formal and extensive technology and cyber due diligence when selecting a third-party supplier."


"This ensures the proper controls and cyber defences are in place to mitigate risk. These defences should be tested at least annually."


"Those who have contracted work out to third parties may be held liable for the consequences, and have their business interrupted for considerable time."


"The reputational damage and loss of trust from customers that a cyber-attack can cause may take years to rebuild.”

Businesses should focus on the following:


  • Map your cyber footprint – this is everywhere your data is, and potentially includes providers without active agreements.

  • Understand your critical providers’ threat landscape and what the motivations of a cyber attacker might be.

  • Assess the potential impact to your business if a critical third-party provider is breached.

  • Assess your and your providers’ controls to manage cyber risk given their threat landscape.

Most Read

Family Business Founders Awarded Freedom Of The City Of London

Family Business Founders Awarded Freedom Of The City Of London

Dan Drogman and Tom Drogman, co-founders of Smart Spaces, have been made Freemen of the City of London, in recognition of their contribution to the City, innovation in the built environment, and international business leadership.

Bechtel Secures Contract Extension At Waste Isolation Pilot Plant

Bechtel Secures Contract Extension At Waste Isolation Pilot Plant

Bechtel announced it received a three-year extension from the U.S. Department of Energy (DOE) to continue managing and operating the Waste Isolation Pilot Plant (WIPP) in Carlsbad, New Mexico.

Leonard Curtis Secures £15M Finance Deal For Charles Trent

Leonard Curtis Secures £15M Finance Deal For Charles Trent

Leonard Curtis has secured a £15 million refinancing and growth facility for Charles Trent Limited, providing increased working capital and long-term headroom to support continued expansion, investment in innovation and the scaling of its circular-economy operations.

Categories

St Austell Brewery Names Children’s Hospice As Its Charity Partner

St Austell Brewery Names Children’s Hospice As Its Charity Partner

St Austell Brewery is proud to announce Children’s Hospice South West as its Charity of the Year.

Lake District Estate Makes Its Own Flavoured Crisps For Guests 

Lake District Estate Makes Its Own Flavoured Crisps For Guests 

A Lake District hospitality venue is manufacturing its own home-made, flavoured crisps for guests to enjoy in its bar, restaurant and microbrewery.

Croxsons Launches First Ever British Sparkling Wine Bottle

Croxsons Launches First Ever British Sparkling Wine Bottle

Croxsons, a 150-year-old family business that manufactures premium glass packaging for the food and drink sector, has developed the country’s first British-made sparkling wine bottle.

Recent Posts

bottom of page