Cybercrime has become a reality for the middle market. While major cyber incidents and data breaches at large corporations such as Marriott and Facebook continue to capture global headlines, middle market companies are starting to recognize that they are often the prime target for cybercriminals. In the past, midsized companies often held the perception that they were too small to be a target for hackers. However, with rising concern across the board about several types of cybersecurity attacks uncovered in the RSM US Middle Market Business Index survey, these companies are starting to take notice.
According to first quarter 2019 MMBI data, 15 percent of middle market C-suite executives said their companies experienced a data breach in the last year, up from 13 percent in 2018 and a significant jump from 5 percent just four years ago. Larger middle market organizations continue to be most at risk, with high volumes of valuable data to attract cybercriminals, but lacking the robust security resources of their large-cap peers. However, the focus on data breaches can be misleading, as the term data breach typically entails a cyber incident resulting in stolen sensitive data. A wide variety of cyber incidents does not result in theft of data, such as ransomware, which interrupts business operations or types of social engineering that could cause the direct theft of funds from bank accounts.
Over half of middle market executives surveyed indicated it is likely that unauthorized users will attempt to access their organization’s data or systems in 2019. In an effort to protect their firms and individual users against cybersecurity threats, more than half of midsized companies report carrying cyber insurance. However, among those organizations with coverage, only 43 percent of executives claim familiarity with policy details. In addition to cybersecurity challenges, emerging data privacy regulations are requiring organizations to make a significant shift in how they collect and store data. The European Union’s General Data Privacy Regulation, known as GDPR, took effect in May 2018. Similar legislation is emerging in the United States, led by the California Consumer Protection Act, and congressional hearings have discussed regulation at the federal level. The new laws do not focus on how companies protect data, but rather why they have it in the first place, and these regulations create an array of new business challenges for organizations highly reliant on customer data.
Cybersecurity threats to the middle market are very broad and evolving. RSM’s survey shows that criminals show no signs of backing down in the middle market, but they are slowly shifting from attacks meant to steal data to those meant to extract payment directly from the victim. Attacks come by several means: forcing the victim to pay a ransom, stealing funds by compromising corporate bank accounts or tricking the victim into making fraudulent payments. With generally limited resources, middle market organizations must place a premium on awareness and benchmarking to help mitigate the threat of cybersecurity attacks and to comply with data privacy regulations.
For reprint and licensing requests for this article, CLICK HERE.
Stories You May Also Be Interested In
- Still Only Human
- Leaders in Law 2017 Nominees: How Safe Is Our Water Infrastructure from a Cyberattack?
- CFO Awards 2018 Nominees: CEO Watch - Cyber Security Remains Real Threat, Especially For Small-to Mid-Size Firms
- CFO Awards 2018 Nominees: Three Things Every Middle Market CFO Needs to Do About Cyber Risk
- 100 Fastest Growing Private Companies 2017: Four Ways to Manage Cybersecurity Risks
- Leaders in Law Honorees - Attorney Awards: PAUL ROSEN
- Data Attacks Open Up New Cyberspace for Firms
- CUSTOM CONTENT: Preventing, Managing and Resolving Potentially Devastating Cyberattacks