- Mid-sized companies are facing unique challenges in managing their cybersecurity programs, as limited IT security staff, smaller budgets and a lack of awareness among top executives slow their capabilities to respond during a crisis, according to a report commissioned by Egnyte.
- Less than two-thirds of companies have a formal incident response plan in place, according to the report. Such a lack of preparation puts many organizations in jeopardy during an actual attack, particularly in the event of ransomware, because the ability to track down and mitigate a breach can take up valuable time.
- The rising cost of cyber insurance continues to be an issue for mid-sized companies. Research shows almost half of all the companies surveyed saw rate increases of 76% or more during the past year.
Unlike billion dollar enterprise firms, companies in the mid-market range cannot support 24/7 security operations staffing. Mid-sized businesses often also lack the budget to hire top cybersecurity firms, ransomware negotiators or white-glove law firms to help with regulatory compliance.
What's more troubling is many mid-sized companies are inadequately prepared to respond to cyberattacks with a formal incident response plan.
“Incident response plans are key drivers to maintaining employee productivity, customer service and executive communication during potential cyberattacks,” Neil Jones, director of cybersecurity evangelism at Egnyte, said via email.
Jones and other experts agree it's best practice to have an up-to-date plan in place and practice tabletop exercises.
Forrester analysts also warn companies to have their preselected incident response partners in place and prepare before an actual attack.
Cybersecurity awareness training remains an issue, as less than half of mid-sized companies in the survey train more than three-quarters of employees. However, nearly two-thirds of organizations conduct cybersecurity training once every quarter.
The report is based on an online survey of 400 C-level executives at U.S. companies, with anywhere from 100 to 1,000 employees. Over half of survey respondents work in CIO, CTO or IT security roles, while almost one in five work in data roles.
A December 2021 report from Gartner shows the responsibility for security usually falls to a CIO or another senior-level IT executive at mid-sized firms, as opposed to a dedicated chief security officer.