Ransomware attacks at middle market firms jumped significantly in 2020
One-third of middle market organizations reported ransomware attacks in 2020, according to a recent cybersecurity special report from RSM. The consulting firm surveyed 700 middle market executives.
Last year was the busiest year for ransomware attacks since RSM started collecting data in 2015, with the proportion of organizations reporting attacks increasing to 33% from the 23% registered in 2019. Many leaders attributed the growth in attacks to challenges from the Covid-19 pandemic.
Furthermore, 51% of respondents reported social engineering attacks (a marginal increase of 2% from 2019), wherein parties attempted to manipulate employees and gain access to systems by impersonating managers or trusted third parties. However, 45% of social engineering attacks were successful last year compared to 28% in 2019.
Of the companies that experienced a social engineering attack, 67% said it was related to the Covid-19 pandemic, with the most common attack exploiting vulnerabilities from the switch to remote work.
Overall, the survey found that 28% of middle market companies experienced a successful data breach, a sharp increase from 18% in 2019.
According to Tauseef Ghazi, leader of security and privacy services at RSM, many companies lacked the experience to manage the swift remote work transition, so increased vulnerabilities were inevitable. However, middle market firms may be turning the corner on cybersecurity.
“The middle market is still under immense pressure from hackers and that is not likely to change any time soon, but the tide may be slightly turning, as executives make adjustments to staffing, controls and security policies, and begin to see the benefits of those investments,” Ghazi said. “Middle market leaders generally understand that they are not too small for criminals to ignore, and that keeping pace with security and privacy advancements can go a long way to discouraging and deflecting breach attempts.”
The survey found that 71% of companies now have a dedicated data security and privacy function. Most executives (93%) are confident in their current measures to safeguard data. With the pandemic expanding threat surfaces and bringing out eagerly opportunistic hackers, many companies have made security a top technology investment priority. Indeed, 33% of executives said they added data security staff last year – a record for the survey.
Middle market leaders believe training is the top defense, with 90% providing training to detect, identify, and prevent hacking attempts – up from 82% in 2019. Respondents also view cloud infrastructure as a security benefit, with 40% saying they moved or migrated data to the cloud for security concerns in 2020.
Cyber insurance is also an increasingly important pillar of security strategy as breaches multiply. Sixty-five percent of leaders said they have a cyber insurance policy, and of that group, 64% believe they understand the policy coverage – up from 48% last year.
Increasing data privacy regulation is also drawing greater attention from middle market executives. Since the EU’s GDPR law was implemented in 2018, more than a dozen US states have passed their own data privacy laws.
More than half of respondents said they are familiar with GDPR requirements, up 16% from 2019. Most (92%) think their companies will have to comply with privacy legislation similar to GDPR at the state or federal level within two years.