Cybersecurity remains a major concern for businesses across the country.
A new report from RSM found that while breaches fell slightly in the last year, an elevated threat persists, especially for middle market companies.
According to the 2023 RSM US Middle Market Business Index Cybersecurity Special Report, 20% of middle market executives said they experienced a data breach in the last year.
That’s down from 22% in the previous year.
However, the amount is still twice as high as it was seven years ago.
Larger middle market companies faced a higher risk (28%) than smaller companies (12%.)
RSM surveyed 406 senior executives at midsize organizations for the report, which was released May 18.
It showed a slight decline in the number of executives anticipating unauthorized users attempting to access their data or systems from 72% last year to 68% this year.
As the digital shift increases, and companies rely more heavily on technology, the importance of cybersecurity is only growing.
With the onset of the pandemic, more companies moved their infrastructure to the internet and cloud.
“Even organizations that could never fathom the idea of having remote servers and cloud systems had to make it work because their workforce was all remote,” said Tauseef Ghazi, RSM principal and national leader of security and privacy services.
“The biggest amount of digital transformation that you could have imagined in the middle market has taken place because of COVID-19.”
Due to the threat of attacks, 77% of companies have a dedicated fund focused on data security and privacy.
That’s up from 60% last year.
At the same time, 68% of companies carry a cyber insurance policy, compared to 61% last year.
The survey also found a significant increase in companies dedicating people to data security and privacy.
96%of companies said they are confident in their current measures to safeguard data, even as criminals change their attack methods.
“Many activities have gotten pretty sophisticated, and there is not always a human behind attacks,” said Ghazi.
“Many programs now are automated and running constantly in search of security gaps to exploit.”
Connecticut is one of several states to enact laws to tighten protections in recent years.
In May 2022, the Connecticut Privacy Data Act established new consumer data privacy protection standards and compliance requirements.
And during the 2021 legislative session, Connecticut passed two cybersecurity-related laws.
One law expands the definition of personal information that companies are required to report if they experience a data breach.
The other protects organizations if a third party sues following a data breach as long as it follows an industry-recognized cybersecurity framework.
As legislation changes around the country, 96% of respondents said preparing for new requirements was at least a minor priority.
“A critical element of any cybersecurity strategy is for boards to authorize investments in organizational, educational, and cultural changes needed to close the cybersecurity governance gap and to develop a contextual understanding of how a company’s business systems function and interact,” said Rod Hackman, RSM cybersecurity risk and board advisor.