Mid-sized businesses – those with 250 to 2000 employees – don’t appear to have what they need to fend off attacks in a number of critical ways.
Cybersecurity vendor Huntress’ latest report, The State of Cybersecurity for Mid-Sized Businesses in 2023, shows that mid-sized businesses are in a heap of trouble and simply aren’t prepared for an attack:
- 61% of mid-sized orgs do not have a dedicated cybersecurity expert on staff
- On average, for every 10 IT employees at an organization, one is dedicated to cybersecurity
- 50% have no plans to increase cybersecurity spending
- 47% do not have an incident response plan
- 27% have no cyber insurance
- 41% outsource their cybersecurity
In short, organizations have no internal resources to ensure the organization is improving its state of cybersecurity daily. This puts the onus on cybersecurity solutions and the users themselves, as the only additional means to keep the org secure. We already know that 10% of threats get past security solutions, so we’re left with educating the user to stop attacks.
Despite 71% of the survey respondents stating they had Security Awareness Training in place, 40% do not conduct regular training, 16% only perform ad hoc training, and 9% only push training when an incident occurs.
This is a HUGE problem; Security Awareness Training is best when used continually so users are always in a mindset of being vigilant when interacting with potentially malicious email and web content. It also requires phishing testing to act as a feedback loop so IT understands where their greatest risk lies within the organization so the risk can be addressed with additional training.