This week marks Week 3 in the National Cyber Security Awareness Month (NCSAM). With the focus on Recognizing and Combating Cybercrime we have decided to focus on the underserved population, the Midmarket.
The US Middle Market, a.k.a. midmarket, in the US accounts for 1/3 of all jobs and 1/3 of private sector GDP and according to the National Center for the Middle Market, "If the U.S. middle market were a country, its GDP would rank it as the third-largest economy in the world".
A new report by Advisen sheds some light on how these firms perceive their preparedness and ability to respond to CyberSecurity issues.
Everyone is, or should be aware of Cybersecurity as an issue. From the loading bay to the boardroom almost everyone has directly or indirectly been exposed to the topic. So why is Cybersecurity still a problem?
The report presented some very interesting findings:
1. 90 percent of respondents said their company’s senior management is at least moderately concerned. But according to risk professionals, this concern has yet to fully translate into privacy and security investments and focus.
2.Risk professionals saw substantial room for improvement in the cybersecurity efforts of their organizations
3. The survey discovered a continuing disconnect between information technology (IT) and risk management with regards to privacy and security in middle market companiesWhile the report is very indicative to the attitudes and cultures we have observed we would rather focus on what Midmarket companies can do to strengthen their posture.
- Guage the security awareness of the people in your organization. If security is an after thought for a company's Board of Directors it will trickle down to the entire organization.
- Identify the worst case scenarios for your business. Which systems are critical to your reputation or revenue? Is the company held together by a small set of devices, applications or even a spreadsheet? Can you afford a day's payroll if you are hit with Ransomware?
- Get help! We know that Midmarket executives have placed a lot of pressure on IT professionals to keep their organizations, "Safe and Secure", IT professionals are not security professionals so lets make sure they have a common language to communicate risks back to the business. The national Cyber Security Alliance's "Re:Cyber" is a great resource for non-technical business executives
Cybersecurity is a dauntiung subject, even for us sometimes!, but it should be seen as an opportunity to find out what you don't know and plan accordingly. Surprises are never nice, particulary in the middle of the night or during holidays so take advantage of this moment, be proactive and use our comments feild to ask questions or get advise! We don't want you to be scrambling for help when you have an issue!
If you haven't had a risk assessment use our free assessment tool to get you started!