The age of big data translates to even bigger risks for businesses of all sizes, but middle-market companies are particularly vulnerable.
While widely reported hacks of large corporations such as Equifax and Uber made headlines in 2017, there was less news coverage of the security breaches of midsize businesses, which are increasingly landing in the crosshairs of cybercriminals.
The number of middle-market companies that have experienced data breaches over the last three years significantly increased—to 13 percent from 5 percent, according to the RSM US Middle Market Business Index.
Bigger middle-market businesses with enough scale to attract cybercriminals typically lack the defensive resources of their large-cap rivals and have become targets, according to data collected from about 400 middle-market executives.
From ransomware attacks and identity theft to intellectual property risks and privacy concerns associated with the increased use of digital currency, the security of electronic information is set to remain among the biggest challenges facing companies in the 21st century.
Cybercrime behaves much like a mutable disease, continually evolving, pushing new boundaries, finding vulnerabilities and subsequently exploiting weaknesses.
There are few signs of crime abatement in the ever-changing cyber landscape. Nearly 50 percent of midsize companies expect they will face unauthorized users attempting to breach their data or systems this year, according to the executives surveyed.
Moreover, despite incidents of rising cybercrime, just half of the businesses surveyed carry cyber insurance policies to protect against internet-based risk. The RSM study shows that many of those policies may fall short of comprehensive coverage.
Meanwhile, the C-level executives surveyed may be overly confident in their firms’ internal abilities to thwart an attack. Some 93 percent of respondents were confident in their organizations’ ability to safeguard customer data. The reality—based on actual incident reports—is proving that confidence may be misguided. While smaller companies were hardest hit last year, midsize companies with annual revenues of $50 million to $300 million accounted for a fifth of cyber incidents, according to NetDiligence, which produces a yearly report, sponsored by RSM, that tracks cybercrime. Those companies with higher levels of income suffered significantly fewer incidents.
Cybercrime behaves much like a mutable disease, continually evolving, pushing new boundaries, finding vulnerabilities and subsequently exploiting weaknesses. The RSM US Middle Market Business Index special report was developed to shed light on some of the important trends related to cyber incidents in the middle market, and the steps that midsize companies can take to mitigate ongoing risk. For more information and to download the report, visit rsmus.com/cybersecurityreport.
This article originally appeared in the January/February 2018 issue of Middle Market Growth. Find it in the MMG archive.
Daimon Geopfert is responsible for the development of RSM’s strategy related to security, privacy and risk services. He has over 20 years of experience with information security disciplines.