United States

Hackers increasingly target upper middle market companies

INSIGHT ARTICLE  | 

Middle market companies may not be taking the threat of a data breach seriously enough as hackers increasingly target business in the sector's upper tier, a recent RSM poll shows.

Businesses with revenues of $50 million to $1 billion are now in hackers’ sights, and many midsize companies  may be overconfident about the steps they have taken to shore up their information, according to RSM’s first quarter US Middle Market Leadership Council Survey.  The survey included a special set of questions surrounding information and data security.

Middle market businesses overall are seeing a steady rise in data breaches, with 13 percent reporting incidents in the first quarter of 2018, compared to just 5 percent in the same period three years ago. Of the larger middle market companies surveyed by RSM, nearly twice as many—some 19 percent—report a first quarter breach, compared to 10 percent two years ago. 

“While smaller organizations are easier to target, they often don't have enough data for hackers to monetize,” says Daimon Geopfert, national leader of security, privacy and risk for RSM US LLP, adding that hackers “are becoming more professional in their approach.” “They are actively going after upper middle market companies, which don't have the robust defenses of larger corporations. That's really their sweet spot.”  

Nearly half of middle market businesses (47 percent) indicate a likelihood that unauthorized users will attempt to access the businesses’ data or systems in 2018, the survey found. However, the majority (93 percent), remain confident in their organizations’ existing measures to safeguard sensitive customer data. “There's almost a rationalization going on; they are trying to convince themselves that they are a little more protected from a potential data breach than they really are,” Geopfert says.

A little more than half of middle market businesses (52 percent) said they carry cyber insurance to protect their businesses and individual users from internet-based threats. Meanwhile, 18 percent of middle market businesses claimed they experienced a ransomware demand during the last 12 months. Of those impacted, half claimed more than one attack, and 44 percent said their existing security and operational controls were not completely successful in dealing with the breach.

Vincent Voci, senior policy manager for national and cybersecurity at the U.S. Chamber of Commerce, calls for more vigilance on the part of businesses. "By using sound risk management tools, like cyber insurance, middle market businesses can improve their security and resilience postures and make the price of illicit hacking increasingly steep," Voci says.

Geopfert says increasing incidences of middle market cybercrime may be exacerbated by views among middle market executives that their businesses are too small to draw attention from hackers.

“The problem is a lot of the hacking is automated. It simply grinds around the internet and looks for vulnerabilities,”  he says. “To the hackers you are just an IP address and numbers, and the internet is a giant, agnostic blob of numbers. From that perspective, everyone is a potential target.”

Look for RSM's comprehensive report on data security and the middle market, coming in April, and download the RSM US Middle Market Business Index.

DOWNLOAD THE FULL 2018 FIRST QUARTER REPORT

How can we help you?

Contact us by phone 800.274.3978 or
submit your questions, comments, or proposal requests.


Rapid Assessment®

Complete our Rapid Assessment form to be contacted about receiving our "quick-hit" diagnostic of your critical areas of operations.

LEARN MORE



Events/Webcasts

IN-PERSON EVENT

Emerging risks: 2018 Risk Advisory Executive Forum

  • April 26, 2018

IN-PERSON EVENT

Cybersecurity lunch and learn: Shedding light on the dark web

  • March 21, 2018

IN-PERSON EVENT

Meet RSM at the 2018 IIA GAM Conference

  • March 12, 2018

RECORDED WEBCAST

2018 economic and risk outlook webcast

  • February 20, 2018

RECORDED WEBCAST

AML and regulatory compliance webcast series: Winter 2018

  • February 13, 2018