Intruder has released its Security Middle Child Report.
The company said that its latest report has uncovered that almost half of cybersecurity leaders at midmarket businesses – companies with at least $50M revenue and between 400-6000 employees – say they don’t have the right technology solutions, leaving them stuck in what Intruder calls the “security middle child problem.”
According to the company, 46% say enterprise platforms assume more staff, budget or complexity than they can support and 29% say SME tools no longer meet their needs.
As a result of these poor fits, 42% describe their teams as either stretched, overwhelmed or consistently behind.
Midmarket companies
Midmarket companies represent a core component of the US economy. JP Morgan Chase & Co. estimates that segment consists of approximately 300,000 businesses generating $13T in annual revenue and employs over 40 million people within the US alone.
Despite its importance, Intruder’s research shows how the cybersecurity vendor market is not adequately serving the midmarket – leaving teams with limited visibility into what’s exposed (28%), too many tools to navigate (26%), and struggling to prioritise (24%).
“Just as important”
Chris Wallis, CEO and founder of Intruder said: “Midmarket companies are being treated as the middle child when it comes to cybersecurity solutions.
“They are overlooked by vendors focused on Fortune 500s or SMBs, while they are just as important and just as vulnerable to attackers.
“This is a structural problem, the majority of solutions available to midmarket security teams were never built for the position they’re now in.”
Cybersecurity leaders claim to feel confident and in control, but cracks are showing
Midmarket security leaders defy the stereotype of an overworked, underfunded team. 89% report increasing budgets. Around 70% say headcount has kept pace with their digital estate.
64% feel their posture scaled appropriately with growth. 94% are confident in their ability to identify and remediate critical risks before attackers exploit them while 51% are “very confident.”
But dig beneath those numbers and cracks appear.
65% of C-suite respondents are very confident in their ability to catch critical threats, but that drops sharply among those closer to the actual work: Directors at 55%, Senior Managers at 46%, and Middle Managers at 35%.
The further you are from the coalface, the more confident you are.
One major concern is that 51% of respondents say it would take approximately a week to assess their exposure to a critical zero-day.
In a threat landscape where exploitation can follow disclosure within 24-48 hours, a week is too long.
Midmarket digital estates are growing while teams are feeling strained
91% of respondents say their digital estate grew over the past 24 months and 38% say it grew significantly.
While many teams responsible for securing that estate are growing with it, a large portion are lagging behind: only 30% of organisations grew headcount faster than their digital estate, 17% grew more slowly and nearly 10% stayed flat.
That gap has a human cost.
41% reported their teams are dealing with feelings of strain: 21% say they are stretched but coping, 11% feel overwhelmed and stuck in a reactive mode and 9% are consistently behind and exposed.
36% of respondents acknowledge their security posture hasn’t scaled appropriately with digital estate growth.
For 14%, that gap won’t close for at least another six months.
However, only 17% are prioritising headcount this year.
The dominant investment priorities are AI and automation (49%) and adding new solutions (33%) – suggesting security leaders are reaching for technology to compensate for people.
The data suggests this isn’t working: 44% describe a stack that is either outgrown or fragmented.
The pressure isn’t evenly distributed. Healthcare shows the most strain – only 51% kept headcount at pace with their digital estate, and 26% grew more slowly.
In SaaS, that figure rises to 86%, with only 10% growing more slowly. The gap is striking in healthcare given the stakes involved.
Current tech solutions aren’t meeting their needs
44% of teams have either outgrown their stack or stitched it together from point solutions that don’t provide a unified view.
This has a cost: 26% cite navigating too many security tools as a top challenge, 24% cite too many alerts with poor prioritisation, and 20% cite the inability to measure and report on cyber hygiene.
The stack isn’t just complex – it’s actively getting in the way.
With 33% planning to add more solutions this year, the fragmentation is likely to deepen.
Underpinning this is a vendor market that isn’t built for the midmarket. 46% say enterprise platforms assume more staff, budget, or complexity than they can support.
29% say SME tools no longer meet their needs. Midmarket teams aren’t failing to use the right tools. It’s that the right tools largely haven’t existed for them.
41% of respondents report using AI pentesting, and it appears in the top five most-adopted tools for fintech, manufacturing, and retail.
Given the category only emerged 12-18 months ago, it’s unclear whether teams are using true AI pentesting or applying the term more loosely.
The intent is clear: Nearly half (49%) cite AI and automation as their top investment priority for 2026, suggesting security leaders are looking to AI to help them do more with less.
That said, AI pentesting only breaks into the top five for organisations with $500M+ revenue – implying it’s currently most accessible to companies with the most resources.
Adoption also increases with team size: 49% of organisations with 11+ security staff report using it, versus just 25% of teams with 2-5 people.
For the smallest, most stretched teams AI is supposed to help, do existing solutions risk adding complexity rather than relieving pressure?
Cyber risk isn’t a boardroom conversation
Despite growing digital estates, an increasing frequency of high-profile breaches, and signs that security posture is struggling to keep pace, cyber-risk remains largely below the boardroom.
Only 9% discuss cyber risk at board level. 34% reach executive leadership.
The majority (51%) keep it at security/IT leadership only and 7% confine it to the security team alone.
“Confidence highest where visibility is lowest”
Dan Andrew, Head of Security at Intruder explained: “The data in this report doesn’t point to a single problem.
“It points to four compounding ones: Estates growing faster than teams, confidence highest where visibility is lowest, stacks that are increasingly fragmented.
“And the relevant conversations aren’t reaching the people who need to hear it.
“Until that changes, the gap between how these teams present themselves and how they actually operate will keep widening.”
Organisations interested in reviewing the full Security Middle Child Report can find it for download here.
