Nearly half of midmarket executives (47%) in a newly released quarterly report cited cybersecurity as their top concern for the coming year. The Middle Market Indicator report, by Chubb and the National Center for the Middle Market (NCMM), shows that cybersecurity topped the list of concerns for the second quarter in row.
The concern isn’t surprising. Any executive who pays attention to the cyber threat landscape is bound to feel trepidation about the potential for cyber attacks against their organization. A study published by The Conference Board earlier this year found that cybersecurity is the top business concern for U.S. CEOs. Other studies have revealed similar findings.
One inescapable realization from all the research is that cyber fears affect companies of all sizes, regardless of their resources. While it’s true that a midsize company would have a harder time than an enterprise recovering from a cyber attack that causes $25 million in losses, the level of vulnerability at midmarket companies isn’t as different from enterprises as commonly believed.
In July, (ISC)2 released a report called Securing the Partner Ecosystem that contradicts much of the conventional wisdom about the difference in risk, vulnerability and preparedness between enterprises and smaller companies within the supply chain.
The study found that most businesses regardless of size use the same best practices to strengthen cyber defenses, such as antivirus scanning, firewall configuration, and email filters to prevent phishing. The study also contradicted the notion that smaller companies have fewer workers dedicated to cybersecurity than enterprises. Proportionally, in some cases smaller companies have bigger teams than their large enterprise counterparts.
Building a Security Posture
Concern over cybersecurity among midmarket executives is understandable because the threats are real. But midmarket companies, as well as smaller businesses, in most cases have as good a chance at protecting themselves as large organizations. Affordable options for building a security posture are now within reach for companies of all sizes.
There was a time when advanced security solutions were out of scope for businesses other than enterprises. Technology was costly and implementations were complex. But while complexity hasn’t gone away, especially as hybrid IT environments become the norm, there is enough technology now available for smaller budgets.
Even companies with insufficient in-house resources can protect themselves by contracting with managed services security providers (MSSP) that deliver services and remote monitoring on a subscription basis. For midmarket companies worried about cyber attacks, working with a MSSP is an attractive option.
A healthy concern over cybersecurity among midmarket executives is actually a positive sign. It shows awareness of the problem, and awareness is often the first step to finding a solution. The challenge is to channel the concern into action in order to build a robust security posture, as opposed to feeling helpless in the face of a significant challenge.
Here’s what midmarket executives need to do: Do your research, find out how other companies have built successful cyber programs, follow established industry best practices for cybersecurity defense, and don’t be afraid to ask for help from third-party experts if that’s what it takes.