Latest News

RSM launches vCISO offering in response to escalating cyber-attacks across the middle market

RSM has launched a new virtual Chief Information Security Officer (vCISO) service to help middle market businesses protect themselves and their customers from the rapid rise in data breaches and cybercrime.

According to RSM’s recent report, ‘Cyber Security – Breaking the Kill Chain’1  20 per cent of businesses surveyed have experienced a cyber-attack in the past year. Security threats have been exacerbated by the pandemic, as fraudsters exploit the opportunities presented by hastily implemented home working practices and increased reliance on email.

Middle market businesses often don’t have a dedicated CISO responsible for information security at a senior level, which could leave them particularly vulnerable to cyber-attacks if threats aren’t assessed on an ongoing basis. RSM’s new vCISO service supports mid-sized companies with a holistic approach to data management and cybercrime prevention. The dedicated team ensures information systems and data security are central to the business strategy and work alongside the board to develop a culture where every member of staff understands their role in mitigating cyber-crime.


Sheila Pancholi, Technology Risk Assurance and cyber security partner at RSM said:

‘The key to robust security lies with leadership. Data security and cyber-attack prevention is so vital to the successful functioning of any business, it needs to be central to every business strategy. A detailed understanding of cyber threats, an awareness of regulatory issues and experts on call to respond quickly to incidents are all critical in today’s digital world. Having a culture of empowering the workforce to identify and report cyber threats is also one of the most effective ways to improve business resilience and prevent cyberattacks.’

A recent ransomware attack on a US software provider2 is estimated to have affected around 200 businesses that rely on its systems, including Coop in Sweden, which had to close 500 of its stores temporarily as a result. McAfee recently estimated cybercrime costs around $1 trillion a year3 to the global economy. This equates to around 1 per cent of global GDP.

Around 90 per cent of data breaches are caused by human error, according to ICO, the UK Information Commissioner’s Office4, further illustrating the need to ensure all staff understand how to recognise, report and mitigate potential cyberthreats.

Sheila Pancholi explains: ‘While advances in AI, automation and digitisation can improve business efficiency and customer service, it also increases the risk of systems being compromised, so it’s essential teams are equipped with the tools and training to foil an attack and businesses encourage a culture where everyone remains vigilant of the risks. Many attacks manipulate the psychology of the workforce, so empowering people to recognise and respond to attacks appropriately should be central to any security strategy.’

RSM’s cyber security survey was the second in The Real Economy series of topical quarterly surveys focusing on the middle market as a powerhouse of the UK economy. It is also the first authoritative source of economic data for this crucial area of UK market, sharing insight and perspective for the wider economy.


  1. Cyber security – Breaking the Kill Chain, RSM, April 2021
  2. Swedish Coop supermarkets shut due to US ransomware cyber-attack, BBC News July 5 2021
  3. The hidden cost of cybercrime, McAfee, December 2020
  4. Human error to blame for 9 in 10 cyber data breaches in 2019, CybSafe, February 7 2020


RSM is a leading audit, tax and consulting firm to the middle market with 3,650 partners and staff operating from 33 locations throughout the UK. For the year ending 31 March 2020, RSM generated revenues of £356m. RSM UK is a member firm of RSM International – the sixth largest network of audit, tax and consulting firms globally. The network spans more than 120 countries, 820 offices and 48,000 people, with a fee income of $6.3bn.