The CyberSecurity State of the MidSized Company is Risky Business
Mid-Sized Company Cybersecurity Challenge
If your company employs 250 or more people a year and earns more than $10 million a year in revenue, your cybersecurity concerns are far different than your neighborhood shop with 20 employees and a significantly smaller budget.
Mid-sized businesses are often tucked away in the small-to-mid-sized business (SMB) category because, frankly, the federal government doesn’t formally recognize a mid-sized category.
However, if your company posts between $10 million and $1 billion, according to the Ohio State University’s National Center for the Middle Market, then you’re a mid-sized company, and mitigating your cybersecurity challenges is more complicated.
According to the Ponemon 2016 State of CyberSecurity in SMBs report, 62 percent of SMBs say they are not effective at mitigating risks, vulnerabilities and attacks across their enterprise and they cite their biggest problem as not having the personnel to do so. Budget constraints and insufficient enabling of security technologies are also barriers to a stronger cybersecurity posture.
This is troubling in light of new studies that show cybercriminals view the mid-sized business as their “sweet spot” because they have the resources these thieves like to target, but not enough people and know-how to address it.
In addition, mid-sized businesses have a much harder time recovering from attacks than the “big boys.” Target, Home Depot and eBay, for example, have all recovered from the massive cyberattacks that besieged their enterprise, but 60 percent of smaller businesses that fall victim to cybercrime go out of business within six months because they can spend up to $50,000 recovering from each breach.
Cybersecurity Services for Mid-Sized Companies
There are some options like considering a Managed Security Services Provider (MSSP) or a Virtual Security and Compliance Consultant (vSCC) that can help you update your cybersecurity posture. MSSPs and vSCCs help mid-sized businesses utilize the resources of an entire crew of IT security professionals while paying a monthly fee less than the average salary of one expert.
The predictable monthly fee of an MSSP allows a mid-sized company to budget and manage the cost as an operating expense rather than a capital expenditure. The vSCC combines the flexibility of an outside consultant with a trusted and dedicated individual who knows your staff, your network and your policies.
The bottom line is that mid-sized businesses should overcome the notion that they aren’t a target and reaching out to cybersecurity experts cost far less than trying to overcome the costs associated with a data breach.