According to a recent study by the National Center for the Middle Market (NCMM), more than half of U.S. middle market companies lack an up-to-date strategy to combat the cyber risks they face, with 30 percent having no action plan whatsoever. To help them, and at a time when the risk of cyber attacks is growing for companies of all sizes, the NCMM has launched a Cybersecurity Resource Center, the first such resource specifically designed to serve the needs of middle market firms in the area of cyber risk planning. Free to use, the resource center is located at http://cybersecuritycenter.middlemarketcenter.org/.
The Cybersecurity Resource Center provides middle market companies – defined as those with annual revenues between $10 million and $1 billion – with insights and tools to help them create mature cybersecurity programs appropriate to the risks they run and the resources they have. Featuring the most up-to-date data and resources for firms to analyze and address their risk level, the resource center contains insights on how to train people, develop processes and deploy technology in order to prevent, respond and recover from attacks.
The NCMM's Cybersecurity Resource Center is developed for the benefit of C-suite executives overseeing a variety of programs, be they cybersecurity-specific, within IT or outsourced. The website's featured components and resources were developed by the center, faculty experts from The Ohio State University Fisher College of Business and experts from the NCMM's sponsors, including Cisco Systems, Inc., Grant Thornton LLP and SunTrust Banks, Inc. Among the features:
- Cybersecurity self-assessment framework: A detailed resource to assist companies in understanding their risks and to help manage their people, processes and technologies in assessing, reacting to and recovering from cyberattacks
- The Cisco Global Malware Heat Map: A global picture of where malware is originating – including senders' locations, host names, organizations and IP addresses – providing companies with insights as to where the most common threats are originating from in real-time
- Informational videos and tutorials: How-to resources designed to solve specific cybersecurity challenges, available videos include "Addressing the Security Skills Gap" and "Ransomware: Anatomy of an Attack"
- Breaking news articles: Access to the most current cybersecurity information on best business practices, industry trends, high-profile security breaches and more
- Whitepapers: A carefully chosen and curated selection of research reports and whitepapers from government agencies, technology companies, law and consulting firms and elsewhere
"Many middle market businesses are realizing that when it comes to cybersecurity, ignorance is not bliss. However, these firms often lack the scale to create a cybersecurity center of excellence from scratch," said Thomas A. Stewart, executive director of the NCMM. "We've launched the NCMM's Cybersecurity Resource Center to bridge the gap for these businesses and to provide the materials necessary so these firms can begin assessing and addressing the cybersecurity risks they face."
Cybersecurity Resource Center Driven by NCMM Research
The Cybersecurity Resource Center launches on the heels of a recent NCMM survey, which found that 86 percent of firms consider cybersecurity an important concern to their business. While most firms seem to recognize the risks posed to their businesses, only 22 percent have cyber insurance to protect themselves from the financial repercussions of a hack. Just 45 percent have an up-to-date cyber risk strategy, and nearly one-third (30 percent) of firms have no strategy whatsoever.
Perhaps unsurprisingly, the fastest-growing middle market firms tend to view cybersecurity with increased importance. Firms in the financial services and healthcare sectors are most likely to have a current, regularly-updated cyber risk strategy, with 61 percent and 54 percent, respectively, reporting so.
International expansion opens up new risks, the NCMM's study found. Firms that have expanded into new international markets were 26 percent more likely to have been the target of a hack in the past year. All told, 16 percent of middle market firms report having been hacked in the past 12 months, with an additional 9 percent stating that they were unsure if their systems had been breached.
"In today's global threat environment, cybersecurity is about protecting your critical business assets and managing cyberattacks proactively – so they don't become business crises," said Vishal Chawla, national managing principal for Grant Thornton LLP's Cyber Risk Advisory practice. "The Cybersecurity Resource Center will help high-growth businesses do just that – understand their cyber threat profile, much in the same way cyber-criminals do. And it will equip them to take proactive measures to holistically manage their cybersecurity program, in alignment with their business strategy."
A major driving force in the United States economy, the middle market delivers above its own expectations year over year. Middle market companies – those with annual revenues between $10 million and $1 billion – provide roughly one third of the United States' total employment and GDP. As an individual market segment, it is comparable to the economies of Germany and Japan.