Despite a rise in cybersecurity risk middle market business are not investing enough to protect themselves against potential attacks, according to a recent report.
The report from RSM US, in partnership with the U.S. Chamber of Commerce, found that the number of middle market companies reporting breaches has nearly tripled in the last three years, yet most executives remain confident in their existing data security measures and investments.
Executive confidence in their security measures has risen to 93% from just 75 percent three years ago according to the RSM US Middle Market Business Index Cybersecurity Special Report.
However, 47% of middle market executives indicate an attempt to illegally access their data or systems is likely, a significant increase from the 39% over just two years ago. Some of the top cyber threats concerning the middle market include ransomware and social engineering.
RSM found that nearly two-thirds of middle market companies (65%) updated security protocols, while 52% purchased new or upgraded software and 41% updated internal privacy policies. The research also found that 54% of middle market executives said their businesses are likely at risk to an attempt to manipulate employees in the next 12 months.
The first line of defense in many instances is people,” said Ken Stasiak, consulting principal with RSM US. “Awareness and cultural changes can go a long way in reducing the likelihood of a ransomware attack. The implementation of specific technical controls in conjunction with awareness should be a focus for organisations. Don’t rely on one control or technique since most attacks evolve very quickly.”
According to the report, 20% of middle market executives consider GDPR compliance to be relevant to their business. In addition, 45% of the middle market organisations surveyed indicated GDPR compliance will be a major effort. Larger middle market organisations with revenues between $50m to $1bn in annual revenues are more likely to be impacted.
“GDPR is an indicator of the very likely course of upcoming privacy laws in the U.S., and organisations would be well-served to start implementing GDPR-style processes around data privacy and consent,” Daimon Geopfert, principal and national leader of security & privacy services with RSM US, added.
Copyright © 2018 RegTech Analyst
Copyright © 2018 RegTech Analyst