United States

Hackers increasingly target upper middle market companies


Middle market companies may not be taking the threat of a data breach seriously enough as hackers increasingly target business in the sector's upper tier, a recent RSM poll shows.

Businesses with revenues of $50 million to $1 billion are now in hackers’ sights, and many midsize companies  may be overconfident about the steps they have taken to shore up their information, according to RSM’s first quarter US Middle Market Leadership Council Survey.  The survey included a special set of questions surrounding information and data security.

Middle market businesses overall are seeing a steady rise in data breaches, with 13 percent reporting incidents in the first quarter of 2018, compared to just 5 percent in the same period three years ago. Of the larger middle market companies surveyed by RSM, nearly twice as many—some 19 percent—report a first quarter breach, compared to 10 percent two years ago. 

“While smaller organizations are easier to target, they often don't have enough data for hackers to monetize,” says Daimon Geopfert, national leader of security, privacy and risk for RSM US LLP, adding that hackers “are becoming more professional in their approach.” “They are actively going after upper middle market companies, which don't have the robust defenses of larger corporations. That's really their sweet spot.”  

Nearly half of middle market businesses (47 percent) indicate a likelihood that unauthorized users will attempt to access the businesses’ data or systems in 2018, the survey found. However, the majority (93 percent), remain confident in their organizations’ existing measures to safeguard sensitive customer data. “There's almost a rationalization going on; they are trying to convince themselves that they are a little more protected from a potential data breach than they really are,” Geopfert says.

A little more than half of middle market businesses (52 percent) said they carry cyber insurance to protect their businesses and individual users from internet-based threats. Meanwhile, 18 percent of middle market businesses claimed they experienced a ransomware demand during the last 12 months. Of those impacted, half claimed more than one attack, and 44 percent said their existing security and operational controls were not completely successful in dealing with the breach.

Vincent Voci, senior policy manager for national and cybersecurity at the U.S. Chamber of Commerce, calls for more vigilance on the part of businesses. "By using sound risk management tools, like cyber insurance, middle market businesses can improve their security and resilience postures and make the price of illicit hacking increasingly steep," Voci says.

Geopfert says increasing incidences of middle market cybercrime may be exacerbated by views among middle market executives that their businesses are too small to draw attention from hackers.

“The problem is a lot of the hacking is automated. It simply grinds around the internet and looks for vulnerabilities,”  he says. “To the hackers you are just an IP address and numbers, and the internet is a giant, agnostic blob of numbers. From that perspective, everyone is a potential target.”

Look for RSM's comprehensive report on data security and the middle market, coming in April, and download the RSM US Middle Market Business Index.


How can we help you?

Contact us by phone 800.274.3978 or
submit your questions, comments, or proposal requests.


Complete our Cybersecurity Rapid Assessment form to be contacted about receiving our "quick-hit" evaluation of your organization’s overall security risk.

Learn more