UncommonX, a Chicago based cybersecurity managed services provider, released findings from its State of Cybersecurity for Midsize Organizations study which engaged senior members of IT departments from small to medium businesses across a variety of industries. Gathering critical insights in preparedness, confidence, perceived threats and risks, the study revealed that 60% of midsize organizations suffered a ransomware attack in the past 18 months and 20% spent $250K or more to fully recover from it.
“There has been a misconception for some time that only large enterprises are attacked due to their perceived ability to pay and the complexity of their networks,” said John Morris, CEO of UncommonX. “Our study clearly demonstrates both the real threat of cybersecurity attacks as well as vulnerabilities midsize organizations face both from external threats but also because it isn’t a priority within the greater organization. A one-and-done approach to preparing and monitoring for risks is no longer the answer.”
More than one-third of businesses indicated that the COVID-19 pandemic conditions have worsened their overall risk levels. Almost half cited work-from-home (WFH) as a key factor in increasing their risk, with WFH likely to remain a larger part of the corporate landscape. Only 11% indicated that they felt more confident in their cybersecurity protection compared to 18 months ago.
Organizations said the greatest cybersecurity threats they face include email fraud (53%), phishing (47%), cyberattacks (45%) and cloud account compromise (38%). Nearly 50% of respondents indicated moderate to extreme concern that a ransomware attack would be successful at affecting their business.
Of the organizations that did suffer an attack, 25% responded that they lost customers and 31% indicated a loss of daily operations and productivity. Making matters worse, nearly 20% of midsize organizations cited that it took between one and six months to fully recover their business with another 12% taking even longer.
While over half (53%) of midsized company IT decision makers stated that cybersecurity is a moderate to high priority for their group, 70% believe their organization has not prioritized cybersecurity. When asked about cyber risk assessments, only 35% had conducted one in the past year and less than a third indicated complete confidence that their networks were mapped adequately.
The findings from UncommonX’s State of Cybersecurity for Midsize Organizations study were derived from an online panel conducted by Thrive Analytics. Data was gathered from 220 key IT-related professionals at mid-sized organizations across numerous industries in the U.S. The full report is available here.
Nathan Muller is the author of 29 technical books and over 3,000 articles that have appeared in 75 publications worldwide. He also writes articles, blogs and social media content for tech companies and their executives.