Press release

New research from Grant Thornton reveals a discrepancy in how businesses approach cybersecurity in different parts of the world.

The figures show that businesses in Western economies are leaving themselves more vulnerable to cyber-attack than those in African and ASEAN countries, due to a lacklustre effort to assign risk profile to data.

According to Grant Thornton’s International Business Report (IBR), when it comes to assigning risk profiles to identify where the most valuable or vulnerable data sits, businesses in the EU (53%), North America (54%) and the G7 (55%) underperform in comparison to businesses in Asia Pacific (60%), Africa (64%) and ASEAN (66%). Many organisations in developed economies therefore take an underdeveloped approach to cybersecurity.

As such, businesses in western countries, including the US (54%), the UK (50%), Germany (49%) and France (40%), are less likely to assign risk profiles to their data than Thailand (78%), Malaysia (70%) and China (61%).

Paul Jacobs, Global leader – cyber security at Grant Thornton, said:

“These figures should serve as a wakeup call to many organisations in some of the world’s largest economies, who are underprepared and have not taken steps to identify which of their data is most valuable, and therefore, most vulnerable.

“What we know is that all business data is not created equal. Cyber criminals recognise this, which is why they target and steal the data that they know will bring them the greatest reward. Unfortunately, many organisations are left open to attacks, because without knowing which of their data is most valuable, they are unable to give it the necessary protection.

“It’s much the same as how we protect the valuables in our homes. We’re not likely to store our jewellery in the garden shed alongside the hedge clippers, protected by nothing more than an old padlock. Organisations need to identify which of their data comprises the crown jewels, and then place a proportionate amount of protection around those valuables.”

Grant Thornton’s research also sheds light on how businesses in different industries around the world approach cybersecurity. The figures show that, globally, healthcare companies are most likely to assign a risk profile to their data (76%). This is significantly higher than the proportion of firms in industries such as the financial services (50%) and professional services (53%).

The IBR data has previously found that more than one in five (21%) businesses globally faced a cyber-attack over the year to Q3 2016. Businesses in the EU (32%), G7 (26%) and North America (24%) were more vulnerable than those in the Asia-Pacific (13%) and ASEAN (7%) regions. [1]

Paul Jacobs added:

“It’s striking to see that businesses in parts of the world which have seen more cyber-attacks are also the ones who do a poorer job of assigning risk profiles to their data. Organisations in these regions urgently need to recognise what the most valuable data is, and the steps they need to take to protect it.

“Many businesses are in the dark about the data they hold, and therefore misallocate resources by simply applying a baseline cyber protection across all their data. As a result, they can be caught out in protecting data of little value, while their most critical assets are more exposed than they should be.”

[1] The data citing the percentage of businesses that faced a cyber-attack uses IBR data from Q3 2016. All other figures used are taken from IBR Q4 2016 data.


Notes to editors

The Grant Thornton International Business Report (IBR) provides insight into the views and expectations of more than 10,000 businesses per year across 36 economies

Data collection

Millward Brown, Grant Thornton’s research partner, manages the fieldwork and data collection.  Interviews are conducted on a quarterly basis in the local language and primarily by telephone.   


IBR is a survey of both listed and privately held businesses. The data for this release are drawn from interviews with 5,526 chief executive officers, managing directors, chairmen or other senior executives from all industry sectors conducted between July and December 2016.