New Report from RSM Reveals Middle Market is Ground Zero for Cybersecurity Threats


The middle market is a prime target for cybercriminals, as security threats continue to increase year after year, according to the RSM US Middle Market Business Index (MMBI) Cybersecurity Special Report released today from RSM US LLP (RSM), in partnership with the U.S. Chamber of Commerce. The report revealed that while middle market companies understand the threat posed by cybercriminals, their protections have been unable to keep up with the continuously evolving methods attackers employ.
The report, which surveyed 700 full-time executive-level decision-makers across a broad range of industries in the middle market, found more than half (55%) of respondents indicated an attempt to illegally access their company’s data or systems is likely in 2020, a dramatic increase from 32% just six years ago. Additionally, 18% of middle market leaders indicated their companies experienced a data breach in the last year, up from 15% reported in the 2019 report and continuing the steady rise over the last six years. The good news is middle market companies understand the growing cybersecurity threats and are working to heighten their protections, with 71% of respondents reporting they have a dedicated function focused on data security and privacy (a 3% increase from the 2019 report).
The survey also explored the various forms of cyber attacks and revealed that the middle market continues to struggle with staying ahead of the tactics of cybercriminals. Ransomware threats remain prevalent within the middle market, with 41% of respondents saying they know someone who has suffered a ransomware attack, while 23% have suffered an attack themselves, an increase for both since the previous report. Nearly half (49%) of executives see their organizations as likely targets for a ransomware attack.
In this year’s survey, social engineering has taken the place of ransomware as the most popular type of attack in the middle market. Forty-nine percent of respondents indicated outside parties attempted to manipulate employees by pretending to be trusted third parties or high-ranking company executives, a 7% increase from the previous report. Attacks against the middle market continue to grow, and 63% of middle market executives say their businesses are likely at risk of an attempt to manipulate employees in the next 12 months.
“Each year, the number of cybersecurity threats against the middle market grows, with hackers employing more expansive and creative tactics to penetrate business systems or gain access to private data,” said Daimon Geopfert, RSM principal and leader, national security, privacy and risk. “Many leaders in the middle market recognize they need to do more to shore up their cybersecurity efforts and are taking the right steps to have the best chance of preventing a major breach. However, leaders must not become complacent or overly confident in their existing systems, as each attack further shows how quickly cybercriminals can pivot to new tactics.”
Efforts to Combat Cybersecurity Threats
The majority (95%) of executives claim they are confident in their current security stance, likely a result of increased investments in security and insurance policies. Still, companies must be cautious and not become overconfident in existing controls, or they risk creating vulnerabilities to evolving threats. As the frequency and scope of cyberattacks increase, companies face a constant battle to outmaneuver criminals when developing data security plans to help avoid or reduce the costs associated with potential threats.
The best chance middle market companies have to meet these threats is to make cybersecurity an organization-wide priority, so generally limited resources can be properly deployed. Training is typically the most effective defense against social engineering attacks, and 82% of respondents reported their organization provides training to at least some employees, a 3% increase from the previous year. The survey also shows 90% of organizations that experienced unsuccessful social engineering attacks listed employees not acting on the fraudulent request as the reason for the failed breach. Additionally, a shift to the cloud is becoming a popular option for strengthening security at middle market companies, with 42% of respondents indicating their businesses moved or are migrating data to the cloud, and 90% of executives believing the data stored there is more secure.
Another valuable protective measure middle market companies are deploying to combat the impact cybersecurity threats is cyber insurance. Sixty-two percent of respondents claim to have some cyber insurance policy to mitigate risk, an increase of 5% from the year before. However, although the use of cyber insurance is increasing, less than half (48%) of the companies that carry policies are familiar with their coverage levels. This presents significant challenges, as providers have started making changes to coverage and excluding features and larger risk items, which were previously covered.
Beyond the proactive measures middle market companies are taking to secure their data, they must also remain aware of regulatory and legislative actions that dictate how private data must be handled. Companies need to be prepared as emerging data privacy laws shift focus from protecting the data companies collect to determining why they have that data in the first place. The European Union’s General Data Protection Regulation (GDPR) is the model for international data laws and future data privacy regulation in the U.S. While many middle market companies are subject to GDPR regulations, only 39% of executives in the survey say they are familiar with the requirements of the law. This lack of familiarity must shift to ensure middle market companies aren’t subject to fines or penalties imposed for a compliance violation, especially as similar legislation is passed on a federal and state-by-state level.
Cybersecurity in the Age of COVID-19
While the data in the RSM US MMBI Cybersecurity Special Report was collected before COVID-19 hit, the pandemic has increased the complexity of cybersecurity challenges for the middle market. As a distributed workforce has become even more dependent on the internet to remain productive, hackers are taking advantage of the crisis by unleashing a variety of attacks that middle market companies are less equipped to address.
“One of the biggest cybersecurity challenges companies face is the cultural shift or divide from a remote workforce,” said Ken Stasiak, RSM principal and leader of security transformation services. “The effects of a divided workforce, now more connected via technology than ever, allows potential attacks to exploit the trust of employees and flaws in technology to gain access to company resources.”
As resources shift from security to sustainability in the middle market, the COVID-19 crisis perfectly demonstrates how cyberattacks can evolve quickly in an attempt to expose weaknesses when attention is focused elsewhere. Cybercriminals around the world are deploying persistent campaigns that prey on the uncertainty and fear related to the health crisis and the surge in employees working from home. This has made the middle market more vulnerable than ever, as remote desktops often do not have the same levels of security as on-premise networks and criminals are increasing their phishing attempts by posing as guidance or advice from a company resource or a legitimate organization. While middle market companies are largely confident in their existing controls, they must remain ready for any scenario by proactively communicating the risks, emphasizing where predators may be lurking and adjusting security policies as necessary.
The survey data that informs the index reading was gathered between January 13 and January 31, 2020. To learn more about the middle market and the MMBI, visit the RSM website.
About the RSM US Middle Market Business Index
RSM US LLP and the U.S. Chamber of Commerce have partnered to present the RSM US Middle Market Business Index (MMBI). It is based on research of middle market firms conducted by Harris Poll, which began in the first quarter of 2015. The survey is conducted four times a year, in the first month of each quarter: January, April, July and October. The survey panel consists of 700 middle market executives and is designed to accurately reflect conditions in the middle market.
Built in collaboration with Moody’s Analytics, the MMBI is borne out of the subset of questions in the survey that ask respondents to report the change in a variety of indicators. Respondents are asked a total of 20 questions patterned after those in other qualitative business surveys, such as those from the Institute of Supply Management and National Federation of Independent Businesses.
The 20 questions relate to changes in various measures of their business, such as revenues, profits, capital expenditures, hiring, employee compensation, prices paid, prices received and inventories. There are also questions that pertain to the economy and outlook, as well as to credit availability and borrowing. For 10 of the questions, respondents are asked to report the change from the previous quarter; for the other 10 they are asked to state the likely direction of these same indicators six months ahead.
The responses to each question are reported as diffusion indexes. The MMBI is a composite index computed as an equal weighted sum of the diffusion indexes for 10 survey questions plus 100 to keep the MMBI from becoming negative. A reading above 100 for the MMBI indicates that the middle market is generally expanding; below 100 indicates that it is generally contracting. The distance from 100 is indicative of the strength of the expansion or contraction.