When it comes to cyberthreats, the old adage held true in 2020: the more things change, the more they stay the same. Hackers and other electronic criminals continued their relentless pursuit of data and sensitive information from middle market businesses, leading to record levels of several types of attacks. The middle market continues to represent a sweet spot for hackers, with companies possessing a significant amount of valuable data, but lacking the level of protective controls and staffing of larger organizations.
The COVID-19 pandemic also altered the threat landscape in the middle market due to the rapid large-scale shift to a remote work environment and more dependency on the internet to remain productive. Many companies simply did not have experience with managing such a transition, and security vulnerabilities—even for a short amount of time—were almost inevitable. Criminals were quick to strike, unleashing a host of attacks ranging from widespread malware and viruses to targeted social engineering and phishing attacks.
After years of increasing breach attempts and successful breaches, the middle market understands the risks that cybercriminals can pose. However, while the pandemic caused a global lockdown and generally kept people at home without the luxury of venturing out to a restaurant or a movie, hackers were locked down as well with little to do but hone their craft and exploit vulnerabilities.
2021 Cybersecurity Special Report
Recognizing and addressing increased cybersecurity risks
Middle market executives provided insight into the rise in data breaches in a recent RSM US Middle Market Business Index survey, while also detailing ongoing cybersecurity concerns and the evolving controls and strategies employed to address security threats and combat hackers.
According to first quarter 2021 MMBI data, 28% of middle market executives claimed that their company experienced a data breach in the last year, the highest level since RSM began tracking data in 2015 and a sharp rise from 18% just last year. Larger middle market organizations were most at risk, as 42% of executives at such companies reported a breach, compared to 16% at smaller counterparts.
The middle market continues to increase investment in a variety of protective measures and 71% of respondents have a dedicated function focused on data security and privacy. However, with the frequency of breach attempts and the ongoing uncertainty and unknown road back to normal in the wake of COVID-19, 64% of respondents anticipate that unauthorized users will attempt to access data or systems in 2021, another significant increase from 55% in both 2019 and 2020.
In this challenging threat environment, cyber insurance should become even more of a priority. The RSM survey found that 65% of middle market organizations carry a cyber insurance policy, a slight increase from last year’s 62%. Even more important though was the jump in respondents who claim familiarity with what their policy covers—up to 64% from 48% last year.
Managing an evolving data privacy landscape
In addition to consistently rising cybersecurity risks, the data privacy regulatory landscape continues to shift, and compliance demands are becoming more of a reality for middle market businesses. The European Union’s General Data Protection Regulation was implemented in 2018, providing a new standard for how EU resident data is collected and stored. Unlike security guidelines, the GDPR is not focused on how companies secure data, but why they have that data.
The GDPR has inspired several subsequent data privacy regulations in several individual states, including the California Consumer Privacy Act. Over a dozen states have signed privacy regulations into law, and a federal standard is likely on the horizon. During the 2020 presidential election, data privacy was an element of both parties’ platforms, but it was a bigger point of emphasis for the Biden campaign. With the middle market’s reliance on data to drive decision-making, new laws could require substantial changes to policies and processes.
Awareness is critical with data privacy legislation, and RSM MMBI data shows that 55% of executives are familiar with the requirements of the GDPR, another significant jump from last year’s data (39%). In addition, nearly all respondents familiar with the GDPR (97%) indicated that preparing for emerging privacy legislation is at least a priority of minor importance, which is consistent with last year’s data.
Utilizing peer data and insight into middle market trends
Cyberattacks and breach attempts were already steadily on the rise in the middle market, and the COVID-19 pandemic has only intensified the threat. In this environment, companies must take advantage of benchmarking opportunities and peer insights to develop an effective defensive stance with generally limited resources. RSM has developed this report to provide relevant middle market cybersecurity insights and data privacy trends, as well as to outline strategies organizations can implement to strengthen security and privacy programs.
Do you have questions or want to talk?
Call us at (800) 232-9547 or fill out the form below and we’ll contact you to discuss your specific situation.
This article was written by RSM US LLP and originally appeared on 2020-05-06.
2020 RSM US LLP. All rights reserved.
https://rsmus.com/economics/rsm-middle-market-business-index-mmbi/cybersecurity-special-report.html
RSM US Alliance provides its members with access to resources of RSM US LLP. RSM US Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each are separate and independent from RSM US LLP. RSM US LLP is the U.S. member firm of RSM International, a global network of independent audit, tax, and consulting firms. Members of RSM US Alliance have access to RSM International resources through RSM US LLP but are not member firms of RSM International. Visit rsmus.com/aboutus for more information regarding RSM US LLP and RSM International. The RSM(tm) brandmark is used under license by RSM US LLP. RSM US Alliance products and services are proprietary to RSM US LLP.
Insero & Co. CPAs, LLP is a proud member of RSM US Alliance, a premier affiliation of independent accounting and consulting firms in the United States. RSM US Alliance provides our firm with access to resources of RSM US LLP, the leading provider of audit, tax and consulting services focused on the middle market. RSM US LLP is a licensed CPA firm and the U.S. member of RSM International, a global network of independent audit, tax and consulting firms with more than 43,000 people in over 120 countries.
Our membership in RSM US Alliance has elevated our capabilities in the marketplace, helping to differentiate our firm from the competition while allowing us to maintain our independence and entrepreneurial culture. We have access to a valuable peer network of like-sized firms as well as a broad range of tools, expertise, and technical resources.
For more information on how Insero & Co. CPAs can assist you, please call (800) 232-9547.
