Middle-market companies show cybersecurity, coverage deficiencies
Many mid-sized firms lack an incident response plan, but a majority are investing in cybersecurity this year.
Nearly a quarter of mid-sized businesses reported being victims of a cyberattack or were uncertain if they had a cyber breach during the past 12, according to a report from managed security platform provider Huntress Labs, Inc. Mid-sized businesses were defined as companies with 250-2,000 employees in Huntress’ study.
According to Huntress, around 70% of respondents said they are required to carry cyber coverage. However, 35% are finding it extremely difficult to obtain coverage, while 27% of middle-market organizations don’t have any cyber insurance.
Additionally, 47% of middle-market companies have no incident response plan. Around one-third of companies surveyed are not using basic defensive measures, such as threat monitoring, vulnerability scanning and patch management.
On top of failing to deploy basic security measures, 40% of these organizations said they don’t conduct regular formal security training, with 15% doing no training at all. Around 60% said they regularly conduct cybersecurity training.
However, only 9% of employees adhere to security best practices.
Offering additional training on how to spot threats and avoid them is a critical element to any cybersecurity program, Huntress reported, and an opportunity for mid-sized businesses to quickly scale up their security posture.
Middle-market companies have room for cybersecurity improvements, and 49% of companies said they plan to spend more to institute those improvements during the year ahead. Huntress reported that 43% plan to maintain their current cybersecurity spending, while just 7% plan to cut costs in this area.
Concerning budgeting for cybersecurity, Huntress found 38% of mid-sized businesses base spending on the company’s needs and priorities, while 34% budget to address gaps in their security. Around one-third base the budget on compliance requirements.
Related: