Companies today face more frequent and sophisticated cybersecurity threats than ever before. And, according to the 2023 RSM US Middle Market Business Index Cybersecurity Special Report:
91%
of respondents have moved data to the cloud for security purposes
The RSM report finds that the threat of a breach is a major concern for all organizations.
68%
of executives believed unauthorized users would attempt to access data or systems in 2023.
20%
of middle market executives said their company had previously experienced a data breach.
58%
of respondents had outside parties attempt to manipulate employees by pretending to be trusted third parties or company executives.
In this fraught cybersecurity environment, just reacting to security threats is no longer an option—companies must be proactive.
The challenge is: most companies rely on a variety of cloud services, and technology and automation solutions. While some have the bandwidth to handle their IT and security needs in-house, many companies are outsourcing to third-party service providers, making it difficult for leadership to get the operational insight needed—both internally and from their third parties.
In the RSM survey:
70% of respondents reported increased policy premiums.
Consistent with last year, only 2% saw a decrease in premiums.
Companies need cybersecurity information from third-party service providers to manage their business and respond to increased scrutiny from regulators, sales prospects and customers.
System and Organization Controls (SOC) reports and the new SOC 2 reports can provide transparency into your operations or those of your service providers, including:
Information
About infrastructure, software, people, procedures, data, and risk management.
Insight
Into security, availability, processing integrity, confidentiality, or privacy.
Descriptions
Of all the tests conducted and the related results.
Your company should consider proactively preparing SOC and SOC 2 reports because:
- They replace or supplement what most regulators and customers would audit.
- Many service providers are required to provide a SOC report to be considered a business partner.
- Offering these reports can help your company gain a competitive advantage.
In the RSM report:
50%
of middle market companies moved or migrated data to the cloud as a result of security concerns during the past year.
2 in 3
Two in three cybersecurity incidents involving system intrusions originate via an organization’s partners, according to Verizon’s 2022 Data Breach Investigations Report.
63%
ISACA’s State of Cybersecurity Report finds that 63% of cybersecurity teams are understaffed.
Getting started with SOC and SOC 2 reporting
SOC reporting can be complex. While some companies can do these reports in-house, many companies can’t.
An outside advisor can help your organization:
- Identify the most appropriate SOC report to provide control assurance to regulators, your customers, and other stakeholders.
- Conduct a SOC readiness audit.
- Prepare SOC reports.
- Navigate the challenges of SOC reporting.
Related insights
Recorded webcast
Cybersecurity update: Sharpening the focus on security
Hear from our cybersecurity professionals to discuss ransomware attacks and business takeover threats, information and data security, privacy protections compliance and outsourcing cybersecurity.
