New research conducted by cybersecurity firm e2e-assure has shed light on the growing concerns of mid-sized companies when it comes to detecting cyber threats. According to the study, approximately 59% of mid-sized companies express diminished confidence in their ability to detect these threats, in contrast to just over half of enterprises, where 52% share this concern.
With the rise of ransomware attacks and the increasingly complex challenges they present, it has become imperative for companies to ensure robust protection against cyber threats. E2e-assure’s research has revealed that a substantial majority of Chief Information Security Officers (CISOs) and key decision-makers in cybersecurity, approximately 75%, have encountered cyberattacks. Furthermore, the frequency of security breaches shows no sign of abating, with a recent study by GOV.UK finding that a fifth of businesses have experienced breaches or attacks on a weekly basis over the past year.
Despite the fact that mid-sized companies are more likely to outsource their cybersecurity operations (57% of them do so), the research indicates that they fare poorly in comparison to enterprises. Specifically, 47% of mid-sized companies report that their service provider is underperforming, compared to 37% of enterprises. This could explain why only 22% of mid-sized firms believe they possess the resilience needed to withstand cyber threats.
Contract flexibility is another area where mid-sized companies seem to struggle. The research found that 62% of mid-market companies lack contracts that can adapt to changes in the initial agreement, while only 46% of enterprises face this issue. Additionally, 66% of mid-sized companies lack transparent pricing from their service provider, compared to 44% of large organizations.
One significant finding from the survey is that services are less likely to be tailored for mid-sized organizations. For example, 57% of mid-sized companies are less likely to benefit from client-centric delivery teams, in contrast to 50% of enterprises. Moreover, over half (58%) of mid-sized organizations do not have access to tools that can be customized to meet their specific business needs, compared to 50% of enterprises. This discrepancy means that mid-sized organizations are not enjoying the same level of specialist expertise as their enterprise counterparts, potentially leaving them at a higher risk of security compromise.
Commenting on the findings, Rob Demain, the CEO of e2e-assure, highlighted the need for a shift in service and commercial offerings from cybersecurity providers to better assist mid-sized companies in safeguarding against breaches. He emphasized that while mid-sized organizations are the most prominent outsourcers in the study, the majority express dissatisfaction with their current support. Demain believes that this dissatisfaction underscores the critical need for a transformation in the services offered by providers.
Despite the challenges faced by mid-sized companies, there is a strong desire among cybersecurity professionals to entrust more responsibilities to external experts. The research found that nearly one-third (29%) of mid-sized companies are planning to seek outsourced cybersecurity providers in their next procurement cycle.
The findings of the study highlight the necessity for providers to demonstrate their value, and for security teams to relinquish more control to trusted providers. Contracts should also be more commercially flexible, and flexibility in services and tools must become a priority for organizations. Furthermore, quality cyber defense needs to become more accessible to organizations of all sizes.
In conclusion, the research conducted by e2e-assure uncovers the concerns and challenges faced by mid-sized companies when it comes to detecting and preventing cyber threats. The study emphasizes the need for a transformation in the services offered by cybersecurity providers in order to better assist mid-sized companies in safeguarding against breaches. With the increasing frequency and complexity of cyberattacks, it is crucial for organizations of all sizes to prioritize cybersecurity and ensure they have the necessary tools and support to protect their networks and data.