Mid-Market Firms Are Most at Risk of Cyber Attacks

When it comes to being a victim of cyber attacks, mid-market companies are finding that no business is too small for a hacker’s purview. With financial losses from security incidents rising 18% from 2013 to 2014, executives are working on doing whatever it takes to develop adequate safeguards. And many feel the federal government’s involvement may also help, particularly, among small to mid-sized businesses.

The Senate Intelligence Committee’s newly passed controversial cybersecurity measure is designed to help companies fight cyber attacks by persuading businesses to share more digital data with the government and each other. However, there is a catch 22. Critics claim it causes a loss of privacy, while the government aims to grant liability protections to companies which share data. The committee’s next steps are to bring the bill to the Senate floor for a vote, which could take place shortly after recess ends in April.

“Average financial losses due to cyber attacks by U.S. mid-market companies in 2014 have reached $1.8 million.”

This bill may be justified, as PwC research demonstrates. The study, conducted in partnership with CIO and SCO magazines, finds that average financial losses due to cyber attacks by U.S. mid-market companies in 2014 have reached $1.8 million. The top two security breaches include exploitation of data and IT systems, while the hackers’ top acts are compromising employee and customer records.

Smaller firms are taking note and stepping up their game. A 2014 Travelers Cos. Inc. analysis finds their risk strategies are beginning to equal, if not surpass, those of larger companies.

But this doesn’t come without challenges. Channelworld reports that major obstacles include the cost of developing cybersecurity measures, the inherent limits of relying on technology and employing a stable of well-trained security experts. This latter hurdle could be elusive, as Channel Dynamics Co-Founder and Director, Cam Wayland, says in Channelworld, firms “may only have one security analyst or specialist.”

Whether businesses rely on the cybersecurity bill or their own risk-mitigating programs and well-trained experts to protect their data, they’ll face high costs. No matter what, companies that think they’re too small to be hit by a cyber attack ought to think twice before their bottom line takes a hit.


Get the CEO Briefing

Sign up today to get weekly access to the latest issues affecting CEOs in every industry

upcoming events