Mid-sized businesses lack cybersecurity expertise

A new study reveals that 61 percent of mid-sized businesses don't have dedicated cybersecurity experts in their organization.

The research from managed security platform Huntress also shows 24 percent of mid-sized businesses have suffered a cyber attack or are unsure if they have suffered a cyber attack in the past year.

In addition 47 percent businesses don't currently have an incident response plan and 27 percent report having no cyber insurance coverage in place. Just nine percent say their workers adhere to security best practices.

On a positive note though, 49 percent say that they plan to budget more for cybersecurity in the next year. When budgeting for cybersecurity, many mid-sized businesses are approaching things proactively, 38 percent budget based on business needs and priorities, 34 percent to address gaps in their security posture, and another 34 percent based on compliance requirements.

"In some regards, this research tells a virtual 'Tale of Two Cities' for mid-size and smaller businesses. Many report solid progress in strengthening their cyber defenses, while others acknowledge they face significant gaps in resources and talent that substantially increases their cyber risk," says Kyle Hanslovan, chief executive officer of Huntress. "That’s why we focus on delivering solutions that scale to their specific size and circumstance to close these vulnerability gaps."

Training remains a challenge for a significant number of respondents too. While 59 percent report conducting regular formal security awareness training, only nine percent say their employees adhere to security best practices, underscoring the complexity of implementing even the most basic security protocols. More alarming is that over 40 percent of respondents don’t conduct regular formal security awareness training, exposing their organizations to higher cyber risk.

The full report is available from the Huntress site.

Photo Credit: tadamichi/Shutterstock