United States

Analyzing the depth of cyberthreats for middle market companies

Larger midmarket companies are in the crosshairs of hackers


Download The Real Economy Vol. 42

While cybersecurity breaches at large corporations and government entities tend to grab headlines, the middle market has become the prime target for hackers and cybercriminals. Unfortunately, many companies often exhibit a false sense of security and overestimate their internal controls, creating vulnerabilities at a time when threats from external and internal parties are evolving and increasing.

The recent RSM U.S. Middle Market Business Index: Cybersecurity Special Report outlines the severity of threats to middle market businesses, what sectors are most susceptible and how to respond to emerging risks. While the study finds that companies are fundamentally confident in the effectiveness of internal security measures, 13 percent of respondents claim to have suffered a data breach in the last year—up from just 5 percent three years ago.

There is no denying that the middle market is a focus for cybercrimes, but larger midmarket companies are specifically in the crosshairs of hackers. The survey finds that 19 percent of larger middle market organizations ($50 million-$1 billion in revenue) suffered more than double the number of breaches than smaller ($10 million-$50 million) counterparts. The upper middle market represents the intersection of opportunity and vulnerability, as hackers generally believe that information at smaller organizations may not hold significant value, and larger companies have likely heavily invested in security.

In addition to the shift in targets, cybercrime tactics have also evolved, with hackers realizing that stealing data is not the most efficient strategy. Data theft certainly still occurs, but hackers now see more direct gain from ransomware attacks that hold key systems hostage and demand large sums to unlock them. Forty-one percent of middle market executives consider themselves likely targets for a ransomware attack, with larger middle market companies (15 percent) viewing the threat as very likely more than twice as much as smaller companies (7 percent).

Cyber liability insurance policies are a key, although potentially underutilized, strategy to lessen the blow of a potential cybersecurity incident. When coupled with a comprehensive security program, cyber insurance can be very effective, protecting servers and technology systems, and offsetting the financial, operational and reputational implications of an incident.

For many middle market companies, cyber insurance is the main reason they were able to stay in business following an incident. Unfortunately, only 52 percent of the respondents in our survey carry a cyber insurance policy, and only 53 percent of those companies understand their level of coverage.

Companies are generally confident that a breach won’t happen to them, either because they think they are too small, or that their data and operations are secure. But in many cases, it’s not a matter of if a breach occurs, but when. Organizations must realistically evaluate their security posture and implement protective measures, because breach response costs can be excessive and damaging for unprepared organizations.

Download the full Real Economy »

you may also be interested in

Understanding the Cybersecurity Threat

Understanding the Cybersecurity Threat

The age of big data translates to even bigger risk for businesses of all sizes, but middle market companies are particularly vulnerable.

  • May 14, 2018