Majority of mid-sized enterprises have insufficient cybersecurity professionals and incident management strategies
A recent report from Huntress reveals that the majority of businesses in the United States and Canada are mid-sized, and many are struggling to address their cybersecurity challenges. The report surveyed mid-sized businesses on their organizational structure, resources, and cybersecurity strategies. The findings suggest that there are significant gaps in key functions, including planning, staffing, security awareness training, and cybersecurity insurance.
One of the main challenges facing mid-sized businesses is a lack of dedicated cybersecurity experts. The report found that 61% of mid-sized businesses do not have cybersecurity professionals on staff. This can make it difficult to implement effective cybersecurity measures and respond to security incidents when they occur. In fact, 47% of businesses surveyed reported that they do not have an incident response plan in place.
In addition to a lack of cybersecurity professionals, mid-sized businesses also struggle to implement basic security measures such as threat monitoring, endpoint detection and response, vulnerability scanning, patch management, and network detection and response. Only 9% of respondents reported that their workers consistently adhere to security best practices.
The report also highlights the difficulties mid-sized businesses face in securing cybersecurity insurance. While the demand for cyber insurance is increasing, many businesses are struggling to meet the requirements. Nearly 30% of respondents reported having no cyber insurance coverage, and the report suggests that this is due to inadequate cyber hygiene practices.
Despite these challenges, the report found that many mid-sized businesses are aware of the need for layered cybersecurity strategies and are planning to budget more for cybersecurity in the coming years. However, it is clear that more needs to be done to address the gaps in resources and talent that are putting mid-sized businesses at risk.