A new cybersecurity report reveals a stark reality for middle market firms: while cyber insurance coverage is at an all-time high, the persistent threat of ransomware and data breaches demands constant vigilance.
RSM US LLP’s report, Middle Market Business Index Special Report: Cybersecurity 2024, was developed in partnership with the U.S. Chamber of Commerce. The report sheds light on the evolving cybersecurity landscape, marked by emerging technologies and persistent ransomware attacks. Cyber insurance coverage among middle market firms has reached an all-time high, with 76% of companies now carrying a policy, up from 68% last year.
According to the report, 28% of middle market executives reported experiencing a data breach in the past year, matching a record high from 2021. Smaller firms ($10 million to $50 million in revenue) saw an increase in reported breaches from 12% to 20%, while larger firms ($50 million to $1 billion in revenue) saw a rise from 28% to 37%. Despite the uptick in breaches, 95% of respondents expressed confidence in their current security measures.
Tauseef Ghazi, RSM’s national leader of security and privacy, emphasized the need for vigilance. “The cybersecurity landscape is complex and cyber threat actors are relentless,” Ghazi stated. He warned against complacency, noting the financial, reputational, and operational risks of cybersecurity events.
Ransomware
Ransomware attacks remain a significant concern, with 30% of middle market executives reporting at least one attack or demand in the past 12 months. Larger firms reported a decline in attacks from 54% to 41%, while smaller firms saw an increase from 13% to 21%. The report highlighted vulnerabilities in third-party risk strategies as a common factor in ransomware incidents.
Vincent Voci, vice president of cyber policy and operations at the U.S. Chamber of Commerce, stressed the importance of robust cybersecurity measures. “Amid escalating and evolving cyber threats and risks to businesses, President Biden’s administration has recast the regulatory and governance landscape to focus on rebalancing responsibility for cybersecurity, shifting liability for products and services not secured by design, and realigning incentives to favor long-term investments in security, resilience, and risk management,” Voci said. “The U.S. Chamber urges all organizations to invest more fully in cybersecurity, involve their senior business leaders in the cybersecurity conversation, and meaningfully and proactively collaborate with government agencies and law enforcement on cyber threats. Secure and trusted digital technologies are critical to national and economic security.”
The report also noted staffing challenges, with more than 60% of respondents having two or fewer data security employees. Larger firms tend to have more dedicated internal staff, while smaller firms often rely on external providers. This staffing gap underscores the need for firms to ensure they have the right expertise to address advancing technologies.
Other News: Ransomware Payments Down & Cyber Insurance Played Important Role (Opens in a new browser tab)