In the ever-evolving landscape of cybersecurity, understanding the challenges, solutions, and opportunities is crucial for businesses of all sizes. The ninth edition of the RSM Middle Market Business Index (MMBI) Cybersecurity Report, conducted from January 8 to February 16, 2024, sheds light on the cybersecurity landscape for middle-market companies. Drawing insights from 403 middle-market executives across various industries, the report highlights the current state of cybersecurity, the measures businesses are taking to address risks, and the emerging opportunities in the digital realm. Below, we break down the key findings.
The Challenges: Persistent Threats and a Record High in Reported Breaches
2024 marks the ninth year of RSM’s MMBI survey, and cybersecurity challenges remain front and center for middle-market companies. Reported breaches remained at a record high, with 28% of respondents noting they faced the threat of ransomware attacks—on par with 2023. Even more concerning, 33% reported being impacted by at least one attack.
Despite these challenges, 95% of business leaders expressed high confidence in their cybersecurity measures. This confidence stems largely from two factors: the move to cloud environments and increased investment in cyber insurance. In fact, a record number of middle-market companies (55%) have shifted to the cloud, with 85% of respondents feeling more secure with their data stored there. Additionally, the adoption of cyber insurance has grown, with 76% of companies now carrying a policy, up from 68% in 2023.
Addressing Challenges: Gaps in Resources and the Need for a Balanced Approach
While many companies have invested heavily in cloud migration, their spending on cybersecurity staffing and budgets has not always kept pace. Nearly half (48%) of larger middle-market firms and 29% of smaller ones have increased their cybersecurity budgets. Yet, over 60% of respondents indicated they have just two or fewer security and privacy personnel, and 27% of smaller organizations have no dedicated internal cybersecurity staff.
This disparity is reflected in a noticeable gap in confidence regarding cybersecurity tools. Larger middle-market companies are more confident (93%) in implementing cybersecurity technologies than their smaller counterparts (73%). Additionally, 88% of larger companies believe they are generating value from their cybersecurity investments, compared to just 60% of smaller firms.
Risks and Opportunities: Navigating the Cloud and Beyond
The shift to cloud environments offers both significant opportunities and new risks. A striking 89% of respondents feel more secure with a shared responsibility model when it comes to cloud data management. However, successful cloud adoption requires more than just a ‘lift and shift’ approach. Moving data into the cloud can fundamentally change an organization’s cyber risk profile, especially since many cloud services are public facing.
To mitigate these risks, businesses must focus on identity and access management. As the perimeter of cybersecurity extends beyond networks and devices, the identities of individuals and organizations accessing data become the new focal point. Effective identity management is crucial to reducing vulnerabilities during and after cloud migration.
Third-party relationships also add complexity to the cybersecurity landscape. Businesses must carefully vet their vendors and service providers, as third parties can increase both cybersecurity and business risks. It’s essential to have clear agreements on shared responsibilities in the event of a breach and to establish a strong relationship with technology partners who will support the organization during a crisis.
Key Considerations for Cloud Security:
- Misconfiguration: A common cause of breaches, emphasizing the need for careful oversight.
- Strategic Planning: Businesses should take a holistic view of their cloud platforms and usage patterns.
- Compliance: As companies move to the cloud, they must consider regulatory requirements and understand where their data resides.
The Road Ahead for Middle-Market Cybersecurity
The 2024 RSM MMBI Cybersecurity Special Report underscores that while risks remain high, middle-market companies continue to adopt new strategies and technologies to bolster their cybersecurity postures. Confidence in cybersecurity programs is growing, driven by cloud adoption and cyber insurance. However, to truly thrive in the digital age, organizations must maintain a balanced approach, invest in adequate staffing, and continuously refine their cybersecurity processes. As Bruce Schneier aptly put it, “Security is not a product, but a process”—a reminder that ongoing vigilance and adaptation are key to staying ahead of cyber threats.
