• Skip to content
  • Skip to navigation
Global site
  • Global site
  • Algeria
  • Botswana
  • Cameroon
  • Egypt
  • Ethiopia
  • Gabon
  • Guinea
  • Kenya
  • Libya
  • Malawi
  • Mauritius
  • Morocco
  • Namibia
  • Nigeria
  • Senegal
  • South Africa
  • Togo
  • Tunisia
  • Uganda
  • Zambia
  • Zimbabwe
  • Anguilla
  • Antigua
  • Argentina
  • Aruba, Bonaire, Curacao and St. Maarten
  • Bahamas
  • Barbados
  • Bolivia
  • Brazil
  • British Virgin Islands
  • Canada LLP
  • Canada RCGT
  • Cayman Islands
  • Chile
  • Colombia
  • Costa Rica
  • Dominica
  • Ecuador
  • El Salvador
  • Grenada
  • Guatemala
  • Honduras
  • Mexico
  • Montserrat
  • Nicaragua
  • Panama
  • Paraguay
  • Peru
  • Puerto Rico
  • St Kitts
  • St Lucia
  • St Vincent and the Grenadines
  • Trinidad & Tobago
  • Turks and Caicos Islands
  • United States
  • Uruguay
  • Venezuela
  • Afghanistan
  • Australia
  • Bangladesh
  • Cambodia
  • China
  • Hong Kong
  • India
  • Indonesia
  • Japan
  • Korea
  • Malaysia
  • Mongolia
  • Myanmar
  • New Zealand
  • Pakistan
  • Philippines
  • Singapore
  • Taiwan
  • Thailand
  • Vietnam
  • Albania
  • Armenia
  • Austria
  • Azerbaijan
  • Belarus
  • Belgium
  • Bosnia and Herzegovina
  • Bulgaria
  • Channel Islands
  • Croatia
  • Cyprus
  • Czech Republic
  • Denmark
  • Estonia
  • Finland
  • France
  • Georgia
  • Germany
  • Gibraltar
  • Greece
  • Hungary
  • Iceland
  • Ireland
  • Isle of Man
  • Israel
  • Italy - Bernoni
  • Italy - Ria
  • Kazakhstan
  • Kosovo
  • Kyrgyzstan
  • Latvia
  • Liechtenstein
  • Lithuania
  • Luxembourg
  • Malta
  • Moldova
  • Monaco
  • Netherlands
  • North Macedonia
  • Northern Ireland
  • Norway
  • Poland
  • Portugal
  • Romania
  • Russia
  • Serbia
  • Slovak Republic
  • Slovenia
  • Spain
  • Sweden
  • Switzerland
  • Tajikistan
  • Turkey
  • Ukraine
  • UK
  • Uzbekistan
  • Bahrain
  • Egypt
  • Jordan
  • Kuwait
  • Lebanon
  • Oman
  • Qatar
  • Saudi Arabia
  • United Arab Emirates
  • Yemen
Grant Thorton Logo

Grant Thornton Logo Grant Thornton logo

Find your local member firm
  • About Us
  • Locations
  • Services
  • Industries
  • Insights
  • Advisory
  • Assurance
  • Tax
Advisory Home
  • Business consulting services
  • Business process solutions
  • Business risk services
  • Cybersecurity
  • Forensic and investigation services
  • Mergers and acquisitions
  • Recovery and reorganisation
  • Transactional advisory services
  • Valuations
Digital risk How to better manage digital risk
Cyber threats continue to soar. So what’s the solution? Our advice is to build a wider ‘digital risk’ function which integrates data privacy and cyber security. But where should you start?
Assurance Home
  • IFRS
  • Audit quality monitoring
  • Global audit technology
IFRS Insights into IFRS 16
Are you ready for IFRS 16? This series of insights will help you prepare.
Tax Home
  • Corporate and business tax
  • Direct international tax
  • Global mobility services
  • Indirect international tax
  • Innovation and investment incentives
  • Private client services
  • Transfer pricing
  • Tax policy
Tax Say goodbye to the arm’s length principle
After a slow and tentative start, the OECD’s push for a solution on how to allocate and tax the profits from digital business is gathering momentum.
  • Business Services
  • Consumer and industrial products
  • Energy & natural resources
  • Financial services
  • Healthcare
  • Not for profit
  • Private equity
  • Professional Services
  • Public sector
  • Real estate & construction
  • Technology, media & telecommunications
  • Travel, tourism & leisure
Technology, media & telecommunications Home
International Business Report (IBR) TMT outlook: Can tech spend buoyancy keep the industry airborne?
Uncertainty is mounting for technology, media and telecommunications (TMT) businesses amidst a turbulent economic and political backdrop, according to the latest research from Grant Thornton. But with businesses in other industries increasingly looking to new technologies as the path to transformation, this is also a time of opportunity. So how can the TMT industry ride out the turbulence and thrive?
  • Grant Thornton International Ltd. Home
  • Press releases
  • 2016
  • Unseen and unreported: extortion more common than data theft as diversity of cyber-attacks laid bare

Extortion more common than data theft

30 Nov 2016
  • Unseen and unreported: extortion more common than data theft as diversity of cyber-attacks laid bare

New figures from Grant Thornton reveal that extortion and blackmail are more common forms of cyber-attack on businesses than theft of data or intellectual property

This comes as the volume of attacks globally has risen sharply over the last 12 months. According to Grant Thornton, the findings lay bare the diversity of the threat to businesses today and the breadth of the response needed to remain resilient.

Grant Thornton’s International Business Report (IBR) finds that nearly one in four businesses worldwide (21%) have faced a cyber-attack over the last 12 months. This compares to 15% who said the same a year ago.

Grant Thornton’s research reveals that the proportion of businesses suffering cyber-attacks has increased sharply in the developed economies of North America (18% last year to 24% this year) and the European Union (19% to 32%), as well as in Africa (10% to 29%) and Asia Pacific (9% to 13%).

Of those who were attacked, the most common form of cyber-attack cited was damage to their business infrastructure (cited by 22% of firms). But other forms of cyber-attack experienced include using blackmail or extortion to obtain money (17%), a more common occurrence than theft of customer financial details (12%) or theft of intellectual property (11%).

Paul Jacobs, Global leader – cyber security at Grant Thornton, commented:
“Blackmail and extortion is traditionally seen as an ugly form of financial crime. But in the online world it is incredibly organised. It may come as a surprise that more businesses have faced extortion or blackmail than a direct theft by online criminals, but this reflects an unwillingness among victims to publicise their involvement in this sort of cyber-attack.

“These online extortion attempts, whether Malware or Denial of service based, tend to be high volume with a lower average financial impact. However, organisations will experience a larger financial loss on their business from reputational damage, theft of customer details, theft of intellectual property, and potentially physical or infrastructural damage.”

“Whatever form cyber-attacks come in though, for businesses today it’s a question of when rather than if. Building cyber resilience must therefore be a company-wide priority. Yes, strengthening defences to prevent attacks occurring is vital. But it doesn’t end with pulling up the drawbridge. Firms which overlook being mobilised and ready to respond to attacks after they have occurred do so at their peril. That preparedness needs to be multifaceted, too. Simply guarding against one form of attack won’t cut it.”

“There needs to be urgency and proactivity among business leaders as they formulate plans to deal with cyber-attacks. One critical element is understanding the value of the data they hold, and making sure the most important data - that which would cause most damage if compromised - is properly protected.”

The IBR findings also reveal that globally, of those business leaders who have faced a cyber-attack in the last 12 months, nearly one in eight (13%) only realised the attack had occurred more than a week after the event. For 4%, it took longer than a month.

Paul Jacobs added:
“Too many businesses are spotting cyber-attacks too late. That is a real danger. They may haves strengthened firewalls or obtained cyber insurance, but if attacks are not spotted quickly, firms could well find circumstances are out of their control.

“It will take investment to minimise damage when the inevitable occurs. Knowing when you’ve been breached is an essential part of that. Businesses that cannot identify attacks promptly run the risk of heavy financial consequences. Damaging reputational fallout, in the shape of eroded trust among customers and other stakeholders, is also a real possibility.”

– ends –

Notes to editors

The Grant Thornton International Business Report (IBR), launched in 1992 initially in nine European countries, now provides insight into the views and expectations of more than 10,000 businesses per year across 37 economies. More information: www.grantthornton.global

Questionnaires are translated into local languages with each participating country having the option to ask a small number of country specific questions in addition to the core questionnaire. Fieldwork is undertaken on a quarterly basis, primarily by telephone. IBR is a survey of both listed and privately held businesses. The data for this release are drawn from interviews with more than 2,600 chief executive officers, managing directors, chairmen or other senior executives from all industry sectors conducted in July through September 2016.

Share this page
  • Share this page on Facebook LinkedIn
  • Share this page on Twitter Twitter
  • Share this page on LinkedIn LinkedIn
  • Share this page on WhatsApp WhatsApp
  • Share this page on Xing Xing
  • Email Grant Thornton Email
  • Grant Thornton on Youtube
  • LinkedIn icon
  • Twitter icon
  • Follow us on Instagram
Connectclose
  • Meet our people
  • Contact us
  • Global reach
Aboutclose
  • About us
  • Careers
  • Press
  • Corporate social responsibility
  • Modern slavery statement
  • GPPC
Legalclose
  • Privacy
  • Cookie policy
  • Disclaimer
  • Site map
  • Unauthorised trademark use

© 2021 Grant Thornton International Ltd (GTIL) - All rights reserved. "Grant Thornton” refers to the brand under which the Grant Thornton member firms provide assurance, tax and advisory services to their clients and/or refers to one or more member firms, as the context requires. GTIL and the member firms are not a worldwide partnership. GTIL and each member firm is a separate legal entity. Services are delivered by the member firms. GTIL does not provide services to clients. GTIL and its member firms are not agents of, and do not obligate, one another and are not liable for one another’s acts or omissions.

    • EN
    • Sign in
    • Find your local member firm
    Sign in with LinkedIn Close
    Sign in with LinkedIn to save articles to your bookmarks.
    Privacy policy