Mid-market businesses are experiencing an exponential increase in cyber-attacks. As their technological footprints increase to keep up with their enterprise competitors, mid-market companies have opened themselves up to new attack vectors. Marcela Denniston, CISSP, SVP of Marketing, Foresite Cybersecurity, discusses why these businesses need to consider the cybersecurity implications of increased connectivity as they work to support increasing revenue streams through technological expansions.
With expanded attack footprints, limited resources, and a lack of expertise in cybersecurity, mid-market businesses are considered “soft targets†for hackers. To make matters worse, the increased volumes of attacks has driven new legislation that requires decreased cyber risk exposure and increased responsibility for businesses. With constant demands to remain competitive and high liability for cyber-attacks, mid-market enterprises have a critical responsibility to implement cybersecurity controls now more than ever.
Mid-Market Challenges in Cybersecurity
The expansion of data and technology can significantly benefit businesses in the mid-market. It allows businesses to scale and ultimately remains relevant against their enterprise competitors with less budget. Companies have now shifted their investments into technology without realizing that these tools open new access points into their sensitive data stores, creating unknown risks that require cyber expertise to help mitigate.Â
Today, mid-market companies are transforming into small enterprises. Conversely, they do not invest the same resources and capital into securing these new digital environments as they do in fast-tracking their way to higher revenue. Cyber hackers are aware of this challenge faced by mid-market businesses. They have made it a point to take full advantage of this opportunity to access information that can be stolen and used for financial gains. A recent study conducted by CoroOpens a new window indicated that mid-market organizations were as much as “490% more likely to experience a security breach by the end of 2021 than they were in 2019â€. This is a clear sign that attackers are aware of the value of the information held by these companies and are ready to take advantage of it.Â
Lack of Expertise, Resources and Budget
Even with attacks becoming more prevalent in the mid-market, businesses still do not understand the implications of an attack on their bottom line. For the mid-market, cybersecurity is often treated as a non-issue, with businesses investing little to no budget on security until they experience a breach. Funding for cybersecurity is often lumped in with IT budgets, where dollars are typically invested on improving access and availability versus security. In addition to funding, expertise in cybersecurity has also not been at the forefront of mid-market business goals. With limited resources focused on cyber security, mid-market companies lack a strategic perspective on understanding how to minimize cyber risk and build a successful security plan. Breaches incur costs to mitigate, including investigation costs, brand recovery, downtime and fines where negligence is identified. Without a cyber expert on staff to help implement security measures to prevent an attack, mid-market businesses that experience a breach will often suffer significant revenue losses, if not complete closure of their business.
See More: A Midsize Company’s Guide to Ransomware Protection
Increased Insurance Premiums and Legislative Accountability
Since cyber security operations are not accounted for in mid-market budgets, businesses tend to rely on cyber insurance to provide coverage in case of a cyber security incident. While insurance offers some guarantee of help during a breach, the rise in attacks has created increased scrutiny for insurance companies, causing steep cyber insurance premiums. This has led to an increase in compliance and security analysis by insurers to quantify the risk associated with businesses before providing quotes and issuing policies.Â
Both insurers and the government are beginning to address accountability by businesses for cyber-attacks. In 2021, 18 new legislations associated with privacy regulations, compliance standards, cyber awareness, and breach notifications were introduced. Negligent behaviors by mid-market businesses that lead to a breach will now mean increased insurance premiums and fines.Â
How Mid-Market Businesses Can Address Cybersecurity
With increased attack surfaces, liabilities, and potential business loss, mid-market businesses are responsible for treating cybersecurity as a standard part of their strategy and operations. With budgetary limitations, mid-market businesses must manage their cybersecurity differently than their enterprise counterparts. Instead of building an entire cybersecurity team in-house, mid-market companies should hire one or two strategic cyber experts or advisors that can help focus on understanding the business risks and build a strong security plan. The key component to accomplishing this is identifying a security framework to align with and setting attainable goals to improve your security posture over time continuously. This will not only help mid-market businesses prevent cyber-attacks, but also reduce insurance premiums and liabilities.
Outsourcing is also an excellent choice for businesses that cannot build an internal cybersecurity team. Managed Security Service Providers (MSSPs) and virtual Chief Information Security Officers (vCISO) are available today to help build security plans and implement them. A benefit of working with an MSSP is that you can combine your product purchases and services under one provider, making procurement and management of cybersecurity easier. Outsourced security providers can even supply Key Performance indicators (KPIs) to show your executive team the return on investment for security purchases. This includes providing indicators of attacks that were prevented or mitigated more rapidly, reducing business damages and financial losses.
Mid-market businesses can no longer continue to run under the impression that they are unlikely to be attacked. Increased awareness and liabilities will be critical in protecting mid-market businesses from the crippling effects of an attack that are eminent to this market space.
What advice would you give mid-market companies trying to ramp up their cybersecurity? Share with us on LinkedInOpens a new window , TwitterOpens a new window , or FacebookOpens a new window . We love learning from you!