This story appears in full in the March/April 2016 issue of Middle Market Growth.
The past year has generated some big headlines about data breaches—all with large companies on the losing end. But that doesn’t mean smaller firms have escaped hackers’ attention. The number of attacks reported by midsize companies (those with revenue of $100 million to $1 billion) increased 64 percent from 2013 to 2014, according to a survey PwC conducted with CIO and CSO magazines. For midsize U.S. organizations, the estimated average financial losses for detected incidents totaled $1.8 million per company.
“When I talk with senior people in government, they say they’re more worried about the small and midsize companies, because the big guys are spending more money on cybersecurity,” says David Burg, PwC’s global and U.S. advisory cybersecurity leader. Attackers will want to spend time where they’re more likely to have a higher rate of return, he says.
With relatively small staffs managing large sums of money, middle-market private equity firms easily fall into that category. “There are very attractive targets, like limited partners, who might be ultrahigh net worth individuals. (Cybercriminals) may want to go after that person or their family office to make fraudulent financial transactions,” says Dave Dalva, vice president of security science for digital risk management firm Stroz Friedberg. “It’s a dichotomy, in the sense that you have a smaller company with high-impact information. But they often have relatively immature security programs.” […]