Hear from CIOs, CTOs, and other C-level and senior execs on data and AI strategies at the Future of Work Summit this January 12, 2022. Learn more
According to a cross-industry mid-market security study by Coro, mid-sized businesses are as much as 490% more likely to experience a security breach by the end of 2021 than they were in 2019.
Today, mid-sized companies are getting barraged by cyberattacks as frequently as their enterprise counterparts. Yet unlike large enterprises, these smaller companies lack the budgets, resources, and expertise to protect themselves. Adding to that, the cybersecurity industry prioritizes large enterprise needs, leaving a dearth of cybersecurity tools geared toward the mid-market.
The study revealed that between 2020 and 2021, the number of attacks on mid-sized in every sector increased by at least 50%, with attacks in health care and transportation increasing by more than 125%.
Additionally, cyberattack numbers tend to spike significantly as the holiday season approaches. In the last quarter of 2020, cyberattacks on mid-sized businesses across industries increased between 22% and 36% compared to the first eight months of the year, and increases are trending similarly for 2021. The sophistication of attacks has leveled up as well, the proportion of generic attacks — those involving no attempt to differentiate between targets — to more sophisticated schemes dropped from 86% to 68% from 2020 to 2021. Meanwhile, targeted and customized attacks that are significantly more damaging have quadrupled.
Prior to the pandemic, phishing and malware attacks were the predominant attack types. However, due to the digital transformation, mid-sized companies went through over the last two years, a broader range of cyber assaults has since emerged, and every type has grown significantly between 2020 and 2021. Bot attacks have increased by 238%, Wi-Fi phishing by 203%, malware in cloud applications by 180%, malware via email by 154%, malware delivered via endpoints by 156%, and insider threats by 132%.
To exacerbate the situation, most mid-sized companies don’t invest in security solutions beyond the basics of email phishing and malware — and out of those who do, the vast majority (70%) of deployments are misconfigured, greatly compromising the defense perimeter.
The Coro report is based on data from more than 4,000 mid-size companies of between 100 and 1,500 employees operating in the retail, manufacturing, professional services, health care, transportation, and education industries, over the course of 2020 and 2021.
Read the full report by Coro.