RSM US Middle Market Business Index: Cybersecurity Special Report
Understanding the cybersecurity threat
WHITE PAPER |
Middle market particularly susceptible to cybercrime
The age of big data translates to even bigger risk for businesses of all sizes, but middle market companies are particularly vulnerable.
While widely reported hacks of large corporations such as Equifax and Uber made headlines in 2017, lesser known was the multitude of breaches into midsize businesses, which are increasingly landing in the crosshairs of cybercriminals.
Compared to just three years ago, significantly more middle market companies (13 percent versus 5 percent) contend they experienced data breaches, according to the RSM US Middle Market Business Index.
Bigger middle market businesses, with enough scale to attract cybercriminals but typically lacking the defensive resources of their large-cap rivals, have become attractive targets, according to the data from the responses of some 400 middle market executives.
From ransomware attacks and identity theft to intellectual property risks and privacy concerns associated with the increased use of digital currency, the security of electronic information is set to remain among the biggest challenges facing companies in the 21st century.
There are few signs of crime abatement in the ever-changing cyber landscape. Nearly 50 percent of midsize companies expect they will face unauthorized users attempting to breach their data or systems this year, according to the executives surveyed.
Moreover, despite incidents of rising cybercrime, just half of the businesses surveyed carry cyber insurance policies to protect against internet-based risk. Our study shows that many of those policies may fall short of comprehensive coverage.
Meanwhile, the C-level executives we surveyed may be overly confident in their firms’ internal abilities to thwart an attack. Some 93 percent of respondents were confident in their organizations’ ability to safeguard customer data. The reality—based on actual incident reports—is proving that confidence may be misguided. While smaller companies were hardest hit last year, midsize companies with annual revenues of $50 million to $300 million accounted for a fifth of cyber incidents, according to NetDiligence®, which produces a yearly report, sponsored by RSM, that tracks cybercrime. Those companies with higher levels of income suffered significantly fewer incidents.
Cybercrime behaves much like a mutable disease, continually evolving, pushing new boundaries, finding vulnerabilities and subsequently exploiting weaknesses. We have developed this report to shed light on some of the important trends related to cyber incidents in the middle market, and the steps that midsize companies can take to mitigate ongoing risk.
inside the report
Data carries a high value to hackers and other cybercriminals who seek sensitive customer and employee data or intellectual property.
Cyber liability insurance, or CLI, enables organizations to transfer some portion of their cyberrisks and is often a smart investment.
Ransomware transcends boundaries between company size and industry. These hackers don’t care about data—they care about company operations.
As data breaches become more frequent, several regulatory bodies are establishing new privacy guidelines to project sensitive consumer data.
Social engineering attacks are designed to trick employees into granting access to systems or divulging sensitive information.
Middle market organizations must evaluate several important issues to address potential cyber vulnerabilities.