Middle-market companies are facing the bleak reality that they must increasingly combat cyber threats on their own – with little help and fewer resources than their larger counterparts. Many are finding that they are prime targets ready for ambush by cybercriminals. Because of their modest size, limited resources and long-held perceptions that midsize companies are too small to be targets, hackers have capitalized on their vulnerability. Middle market businesses have in many ways become sitting ducks at a time when cyber threats are more commonplace, sophisticated and increasing in severity and scale.

Alone in the fight.

With headlines focusing on breaches experienced by large corporations, it may come as a surprise that 85 percent of all cyber-attacks target companies with less than $2 billion in revenue. However, this group is largely overlooked by the federal government, policymakers and law enforcement. While recent policy efforts have been focused on helping large corporations with complex technology, infrastructure and defenses, nobody seems to be looking out for the most vulnerable. Not only have these efforts driven cyber criminals to shift their focus to the middle-market, which can be just as lucrative, but they have left midsize companies with few adequate defenses and little guidance. Without dedicated IT security departments or sophisticated technology defenses, these companies often have nowhere to turn.

When actually faced with a cyber-breach, it’s often like being in the Wild West without any sheriffs. Local police generally aren’t equipped to handle advanced cyber-attacks. And while the FBI will certainly listen to claims of cyber threats from companies, they’re often unable to assist, unless the attack is against a systemically critical institution or the dollar amount of the threat or breach is extremely high.

The growing gravity of the problem.

Middle market companies are acutely aware of how alarming the problem of cybercrime has become. They’re experiencing a significant rise in cyber-attacks that are getting increasingly more sinister. Greater than half of middle market executives surveyed recently by RSM believe that an attempt to illegally access their company’s data or systems is likely in 2019, an increase from 47 percent in 2018. According to RSM’s Middle Market Business Index Cybersecurity Special Report, among attacks, Ransomware has become the most popular breach method for cybercriminals, responsible for nearly one third of losses.

With fewer resources available to respond and react, a shockingly large number of companies that experience a major cyber breach are forced to shut down their operations.  Between 50-60 percent of small and medium-sized businesses report going out of business within 6 months of a breach, according to recent SEC estimates. Larger middle market organizations are the most at risk because they have high volumes of valuable data that attracts cybercriminals but lack the robust security resources of their large corporate peers.

As a result, cyber insurance is becoming more and more pervasive, though businesses often don’t fully understand their insurance needs or crucial details of their protection plans. Adding insult to injury, the privacy and reporting compliance burden on middle market firms continues to grow, with potential for even greater complexity due to individual state mandates like California’s and Europe’s GDPR adding to their pain. And according to RSM, only 40 percent of executives say they’re familiar with the guidelines of GDPR or other privacy regulations.

No quick fix, but time to harden the approach.

While there are no quick or easy solutions to the problem, lawmakers can help by providing clear guidance, tools and easy-to-find resources tailored to the unique needs of middle market companies. For middle market businesses, the time is now to address this unfortunate new state of cybercrime and harden cyber defenses head on. Companies should develop and refine their cybersecurity frameworks to protect both internal and customer data through better, more advanced technology, streamlined processes for identifying and addressing threats and further employee education and direction for the entire organization.   

As the cyber war on middle market organizations continues to intensify, all involved must bring a new urgency to addressing these unfortunately new realities or risk further damage to a crucial though already distressed segment of our economy.