The Bradford-based firm reported record revenue in July and record consulting bookings in the third quarter as more firms wise up to the legal changes to cyber breaches.
ECSC said the industry has seen the first significant intentions to fines by the UK's Information Commissioners’ Office under the new GDPR regulations, with British Airways' fine at £183m and Marriott International's at £99m.
The group said this confirms the significant impact of breaches for organisations failing to adequately address cyber risk. It said more organisations are recognising the need for expert help when their cyber security fails.
ECSC's chief executive Ian Mann said: "The biggest factor (behind the firm's growth) is the new data protection act GDPR and the fact that it's mandatory now to record breaches."
He said the BA and Marriott cases have highlighted this.
"There's a need for detecting breaches at the earlier stage and containing them before they lead to data loss," he said.
"That in essence is what the managed service gives you - 24/7 protection, so if someone tries to hack you in the middle of the night or at the weekend when your staff aren't there, then things are detected and things can be contained.
"That ongoing detection is a requirement of GDPR and most organisations can't do it in-house themselves."
Mr Mann said he expects more high profile cases like BA and Marriott to become public.
"Now you've got a legal requirement to report breaches. Breaches were previously kept internal and out of the public domain, but you've now no choice. It's the law. You have to report breaches," he said.
"Even though it became law in May last year, it takes up a year to investigate. It's only now we're seeing the result of the investigations coming through. You can expect a steady stream of these."
The group is also benefitting from firms deciding that they can't hold off spending any longer. Many firms have postponed spending in the hope that the Brexit crisis would be resolved.
"There is some evidence people delayed projects earlier in the year to hoard a bit of cash because of uncertainty in the UK, but then they got back to doing projects," said Mr Mann.
"You can't carry on delaying things forever. Cyber security is one of those priorities that you don't want to delay too much."
Mr Mann said that the record revenue seen in July has continued through August and September.
"We have good visibility of bookings in the third quarter and well into the fourth quarter so we know it was a reversal of the first half of the year and we can see that's going to continue until the end of the year," he said.
The group said its managed services division saw a 63 per cent increase in revenue to £1.24m in the six months to June 30.
Revenue in the consulting services division fell 23 per cent to £1.2m, but this has picked up since July.