UncommonX, a SaaS-based cybersecurity managed services provider, today announced the major findings from its State of Cybersecurity for Midsize Organizations study which engaged senior members of IT departments from small to medium businesses across a variety of industries. Gathering critical insights in preparedness, confidence, perceived threats and risks, the study revealed that 60% of midsize organizations suffered a ransomware attack in the past 18 months and 20% spent $250K or more to fully recover from it.
“There has been a misconception for some time that only large enterprises are attacked due to their perceived ability to pay and the complexity of their networks,” said John Morris, CEO of UncommonX. “Our study clearly demonstrates both the real threat of cybersecurity attacks as well as vulnerabilities midsize organizations face both from external threats but also because it isn’t a priority within the greater organization. A one-and-done approach to preparing and monitoring for risks is no longer the answer.”
Pandemic-Induced Risks and Vulnerabilities
More than one-third of businesses indicated that the pandemic conditions have worsened their overall risk levels. Almost half cited work-from-home (WFH) as a key factor in increasing their risk, with WFH likely to remain a larger part of the corporate landscape. And only 11% indicated that they felt more confident in their cybersecurity protection compared to 18 months ago.
Ransomware Concerns and Real Threats
Organizations say the greatest threats they face due to cybersecurity risks include email fraud (53%), phishing (47%), cyberattacks (45%) and cloud account compromise (38%). Nearly 50% of respondents indicated moderate to extreme concern that a ransomware attack would be successful at affecting their business. Of the organizations that did suffer an attack, one in four responded that they lost customers and 31% indicated a loss of daily operations and productivity. Making matters worse, nearly 20% of midsize organizations cited that it took between one and six months to fully recover their business with another 12% taking even longer.
Prioritization of Cybersecurity Protection
While over half (53%) of midsized company IT decision makers stated that cybersecurity is a moderate to high priority for their group, 70% believe the greater organization has not prioritized cybersecurity. When asked about cyber risk assessments, only 35% had conducted one in the past year and less than a third indicated complete confidence that their networks were mapped adequately.
Study Methodology
The findings from UncommonX’s State of Cybersecurity for Midsize Organizations study were derived from an online panel conducted by Thrive Analytics. Data was gathered between October 1-14, 2021, from 220 key IT-related professionals at mid-sized organizations across numerous industries in the U.S. The full report is available at https://info.uncommonx.com/hubfs/UncommonXStateofCybersecurityMidsizeOrganizations.pdf.