As threats evolve, it’s more important than ever for businesses to bolster their cyber posture.
Key takeaways
Businesses must also continue advocating for a more coherent regulatory environment.
A collaborative approach to cybersecurity can enhance collective security and resilience.
By Christopher D. Roberti, Senior Vice President for Cyber, Space, and National Security Policy, U.S. Chamber of Commerce
The Trump administration assumed office at a critical moment for cybersecurity policy. The threat landscape is more complex than during President Trump's first term, with companies facing a relentless rise in the pace and scale of cyberattacks from criminals and foreign adversaries. In the time since President Trump was last in the White House, headlines from around the world have alerted the public to this trend—which includes large-scale attacks on health care companies, destructive ransomware attacks and the persistent threats of Volt Typhoon and Salt Typhoon.
Now more than ever, companies must invest time, effort and capital into securing their digital infrastructure. However, while companies are focusing heavily on improving their cyber posture, the current regulatory environment is siphoning critical resources away from attack surfaces and toward compliance.
As we enter this new era of risk and uncertainty, the U.S. Chamber of Commerce is advocating for a collaborative approach to cybersecurity, emphasizing the importance of public-private partnerships and industry-led standards to enhance our collective security and resilience.
The Chamber has identified three key issues middle market companies must consider as cybersecurity threats and strategies evolve:
Companies can’t afford to stay complacent.
The RSM US Middle Market Business Index Special Report: Cybersecurity 2025 finds that nearly all companies expect to increase cybersecurity investments and that 97% of survey respondents are confident in their current measures to safeguard data, up from 95% the previous year and the highest number in the survey’s history.
This may seem promising, but technology—and cyber risks—are ever-changing. Even as responses to cyberattacks evolve, adversaries have become increasingly sophisticated and relentless. It's critical that companies keep up with advancements to remain vigilant in the face of emerging technology and evolving geopolitical tensions that could pose potential threats to their organization.
Regulatory burdens restrict vital cybersecurity development.
Regulatory complexity causes companies to spend an inordinate amount of their cyber budgets on resources to understand these regulations. RSM reports that 51% of the companies surveyed currently outsource cybersecurity risk and compliance management, the leading outsourced function in the MMBI survey. Reductions in regulatory burdens would enable companies to shift valuable assets and resources to improving their cyber defense capabilities.
Without overreaching regulatory burdens, businesses would be better equipped to protect and defend their livelihoods. The Chamber is advocating for regulatory harmonization and efficiency that promotes mutual reciprocity across public-private partnerships and establishes international industry standards.
Emerging and current technologies are useful but require strategic placement.
Artificial intelligence is a potentially powerful tool to leverage for cyber defense, providing companies with new opportunities for insight, efficiency and productivity. Proper use of AI remains a critical area of development to advance the success and reliability of companies’ cybersecurity defenses.
The cloud is increasingly central to many companies' IT and daily operations—but must be properly configured for organizations to reap the security gains associated with the transition to cloud infrastructure. The greatest share of companies (34%) in the MMBI survey operate 21%−50% of their infrastructure and business applications in the cloud, while the next largest group (22%) uses the cloud for 51%−75% of their environment.
The takeaway
As the cyber landscape continues to evolve, it’s more important than ever for businesses to understand and incorporate advanced technologies to bolster their cyber posture. Equally important, businesses must continue advocating for a more coherent regulatory environment to ensure they can focus time and effort on the important work of securing their digital infrastructure.
By fostering public-private partnerships that embrace industry-led standards, we can enhance our collective cyber posture and better secure increasingly large and complex attack surfaces.
The RSM US Middle Market Business Index Special Report: Cybersecurity 2025 is a report of middle market companies' insights on cybersecurity. All findings are based on a survey in the field from Jan. 6 to Jan. 27, 2025.
RSM US MMBI
Cybersecurity special report
Our annual insights into cybersecurity trends, strategies and concerns shape the marketplace for midsize businesses in an increasingly complex risk environment.
