Mid-market companies are just as vulnerable to cyberattacks, if not more so, because mid-market companies have smaller budgets and fewer resources to put toward cybersecurity tools and solutions.

Many business leaders believe that cybercriminals just aren’t interested in breaching the mid-market companies’ networks—that mid-market companies have nothing they want. Again, not true. According to Symantec’s latest Internet Security Threat Report, 60% of all targeted attacks were on small- and medium-sized businesses. This was an increase over the previous year. Medium-sized business attacks were up 30%. Cyber security experts predict 2016 will be even worse.

This means that mid-market businesses have a lot to worry about when it comes to cyber crime, and it seems like they are beginning to realize it. A recent survey of the readers of Chief Executive magazine showed that readers’ number one concern is cyber-security.

On March 10th, hackers disrupted the internet hosting provider Staminus Communications’ website for 20 hours, and by the 14th, it was still not accessible. Staminus says that credit card and other personal information were exposed during their data breach. A huge amount of their stolen data was seen online almost immediately after the attack.

As the risks to information and business mount, so does the cost of not taking action to meet those risks, especially in the mid-market. A data breach can sink a business, and the careers of its leaders.

Looking at the risks, the costs of preventing, or responding to, data breaches seem more than justifiable.

Here are 4 things mid-market CEOs should do right now to protect their companies from cyberattacks.

1. Have a data management strategy in place; destroy any data that is no longer being used. Know what data is critical and then establish controls to ensure that data is recoverable and secure.

2. Put in place necessary procedures to prevent a data breach from ever occurring, like getting vps hosting for your website. Minimize human error by making everyone accountable. Know who is in charge of what.

3. Checks should be in place to test cybersecurity. Schedule audits and run random spot-checks to uncover any problems.

4. Implement an incident response process that includes detailed instructions on how to handle all phases of a breach.

Going forward mid-market business leaders must take the same proactive measures that there larger counterparts are to keep their companies’ systems and information safe.