Nine of the 10 firms that accounting technology consultant and Smithink founding director David Smith put to a professional hacker had their servers cracked.
The hacker was also able to download the databases of eight of the same 10 firms.
Mr Smith said it’s really “basic stuff” that can often see a firm come undone — like using guessable passwords or having passwords visible at a workstation.
“In my own case, I reckon I've got about 200 passwords and you've got to have some way of managing that,” he said.
Disgruntled ex-staff not being effectively locked out of a firm’s systems is also a contributing factor.
“Remember that many of the high-profile hacks that have occurred have actually been internal jobs. The very famous Ashley Madison situation was somebody inside Ashley Madison being unfaithful. Who would've thought of that?” Mr Smith said.
However, Mr Smith, being the “eternal optimist”, believes that time will take care of these basic but persistent security issues.
“The issue will always be there because there will always be very smart, bad people out there. At the end of the day, the internet for most people is only a bit over 20 years old, so we still haven't worked a lot of the stuff out. You go another 10 or 15 years from now, I think you'll find the internet will be a lot more secure than it is today,” he said.