United States

Middle Market Businesses Advance Cybersecurity Protections But Might Underestimate Risk, RSM Survey Finds

Rate of middle market cyber investment trails IT budget norms



Middle market leaders recognize they are a growing target for cybercrime but might not be investing enough to protect themselves against potential attacks, according to a recent report from RSM US LLP (“RSM”), in partnership with the U.S. Chamber of Commerce. The RSM US Middle Market Business Index Cybersecurity Special Report found that the number of middle market companies reporting breaches has nearly tripled in the last three years, yet most executives remain confident in their existing data security measures and investments.

Despite growth in reported breaches and illegal data attempts expected, executive confidence in their security measures has risen to 93 percent from just 75 percent three years ago. At the same time, a large number of middle market executives (47 percent) indicate an attempt to illegally access their data or systems is likely—a significant increase over just two years ago (39 percent).

“In today’s digital economy, findings from the RSM US Middle Market Business Index Cybersecurity Special Report show just how crucial technology investments are to protecting middle market firms. Cyber threats today resemble a traditional arms race,” said Daimon Geopfert, principal and national leader of security & privacy services with RSM US LLP. “The data security challenge is real and growing for middle market companies. The sector is a major target for data breaches, and organizations need to channel additional resources to understand, detect and protect against a sophisticated evolution of threats.”

Middle Market Confident Despite Rising Threats
Some of the top cyber threats concerning the middle market include ransomware and social engineering. To protect themselves, RSM found that nearly two-thirds of middle market companies (65 percent) updated security protocols, while 52 percent purchased new or upgraded software and 41 percent updated internal privacy policies.

Even with more extensive efforts to curb data breach threats, middle market executives must be careful to not become overconfident and create new vulnerabilities – particularly from social engineering. RSM research found that 54 percent of middle market executives say their businesses are likely at risk to an attempt to manipulate employees in the next 12 months.

“The first line of defense in many instances is people,” said Ken Stasiak, consulting principal with RSM US LLP. “Awareness and cultural changes can go a long way in reducing the likelihood of a ransomware attack. The implementation of specific technical controls in conjunction with awareness should be a focus for organizations. Don’t rely on one control or technique since most attacks evolve very quickly.”

Future Data Privacy Regulations on the Radar
The European Union’s General Data Protection Regulation (GDPR) has raised the bar for protecting consumer information, and 20 percent of middle market executives consider GDPR compliance to be relevant to their business. In addition, 45 percent of the middle market organizations surveyed indicated GDPR compliance will be a major effort. Larger middle market organizations with revenues between $50 million to $1 billion in annual revenues are more likely to be impacted.

Many organizations underestimate how much EU data they hold and therefore might not understand the legislation’s potential effect. Everything from geo-location data to browser cookies and biometric data qualifies.

“GDPR is an indicator of the very likely course of upcoming privacy laws in the U.S., and organizations would be well-served to start implementing GDPR-style processes around data privacy and consent,” Geopfert added.

The survey data that informs the index reading was gathered between January 12 and February 5, 2018. To learn more about the middle market and the MMBI, visit the RSM website.

About the RSM US Middle Market Business Index
RSM US LLP and the U.S. Chamber of Commerce have partnered to present the RSM US Middle Market Business Index (MMBI). It is based on research of middle market firms conducted by Harris Poll, which began in the first quarter of 2015. The survey is conducted four times a year, in the first month of each quarter: January, April, July and October. The survey panel consists of 700 middle market executives and is designed to accurately reflect conditions in the middle market.

Built in collaboration with Moody’s Analytics, the MMBI is borne out of the subset of questions in the survey that ask respondents to report the change in a variety of indicators. Respondents are asked a total of 20 questions patterned after those in other qualitative business surveys, such as those from the Institute of Supply Management and National Federation of Independent Businesses.

The 20 questions relate to changes in various measures of their business, such as revenues, profits, capital expenditures, hiring, employee compensation, prices paid, prices received and inventories. There are also questions that pertain to the economy and outlook, as well as to credit availability and borrowing. For 10 of the questions, respondents are asked to report the change from the previous quarter; for the other 10 they are asked to state the likely direction of these same indicators six months ahead.

The responses to each question are reported as diffusion indexes. The MMBI is a composite index computed as an equal weighted sum of the diffusion indexes for 10 survey questions plus 100 to keep the MMBI from becoming negative. A reading above 100 for the MMBI indicates that the middle market is generally expanding; below 100 indicates that it is generally contracting. The distance from 100 is indicative of the strength of the expansion or contraction.

About The U.S. Chamber of Commerce
The U.S. Chamber of Commerce is the world’s largest business federation representing the interests of more than 3 million businesses of all sizes, sectors, and regions, as well as state and local chambers and industry associations. For more information, visit uschamber.com and FreeEnterprise.com, like us on Facebook and follow us on Twitter

RSM’s purpose is to deliver the power of being understood to our clients, colleagues and communities through world-class audit, tax and consulting services focused on middle market businesses. The clients we serve are the engine of global commerce and economic growth, and we are focused on developing leading professionals and services to meet their evolving needs in today’s ever-changing business environment.

RSM US LLP is the U.S. member of RSM International, a global network of independent audit, tax and consulting firms with 51,000 people across 123 countries. For more information, visit rsmus.com, like us on Facebook, follow us on Twitter and/or connect with us on LinkedIn.