Dive Brief:
- Mid-sized companies are facing unique challenges in managing their cybersecurity programs, as limited IT security staff, smaller budgets and a lack of awareness among top executives slow their ability to respond during a crisis, according to a report commissioned by Egnyte.
- Fewer than two-thirds of companies have a formal incident response plan in place, according to the report. Such a lack of preparation puts many organizations in jeopardy during an actual attack, particularly in the event of ransomware, because tracking down and mitigating a breach can take up valuable time.
- The rising cost of cyber insurance continues to be an issue for mid-sized companies. Research shows almost half of all the companies surveyed saw rate increases of 76% or more during the past year.
Dive Insight:
Unlike billion-dollar enterprise firms, companies in the mid-market range cannot support 24/7 security operations staffing. Mid-sized businesses often also lack the budget to hire top cybersecurity firms, ransomware negotiators or white-glove law firms to help with regulatory compliance.
What's more troubling is that many mid-sized companies are inadequately prepared to respond to cyberattacks, lacking a formal incident response plan.
“Incident response plans are key drivers to maintaining employee productivity, customer service and executive communication during potential cyberattacks,” Neil Jones, director of cybersecurity evangelism at Egnyte, said via email.
Jones and other experts agree it's best practice to have an up-to-date plan in place and practice tabletop exercises.
Forrester analysts also warn companies to have preselected incident response partners in place and to prepare before an actual attack.
Cybersecurity awareness training remains an issue, as fewer than half of mid-sized companies in the survey train more than three-quarters of employees. However, nearly two-thirds of organizations conduct cybersecurity training once every quarter.
The report is based on an online survey of 400 C-level executives at U.S. companies with anywhere from 100 to 1,000 employees. Over half of survey respondents work in CIO, CTO or IT security roles, while almost one in five work in data roles.
A December 2021 report from Gartner shows the responsibility for security usually falls to a CIO or another senior-level IT executive at mid-sized firms, as opposed to a dedicated chief security officer.