Coro released an extensive cybersecurity research report revealing a true market failure: a severe lack of preparedness of the mid-market sector, which is comprised of companies with between 100 and 1,500 employees, to defend against an expanding array of cyber attacks.
Pandemic-induced digital transformation, including remote work, proliferation of devices, and increased cloud application usage, has fueled the rapid emergence of a much broader expanse of assault types than anything seen pre-pandemic, including malware and ransomware attacks via cloud applications and email, endpoint malware, Wi-Fi phishing and insider threats.
Report results show that mid-size companies are largely unprotected due to the fact that they lack the immense team resources, expensive products and expertise needed to protect against these increasing attacks, as the cybersecurity market has evolved mainly to serve large enterprises — and yet, the mid-market sector is getting hit by cyber attacks with a frequency and sophistication on par with large enterprises.
“While we’ve seen broader-reaching protection developed for the large enterprise, the cybersecurity industry is not prioritizing mid-market needs. Now, growing businesses remain entirely exposed in the face of truly unprecedented levels of cyber attacks, which are rapidly increasing not only in volume and sophistication, but also in range and lethality,” said Guy Moskowitz, CEO of Coro.
“The market has failed to protect these essential businesses, and Coro is addressing this issue by providing comprehensive, enterprise-grade cybersecurity protection priced and engineered specifically for mid-size companies.”
Mid-market organizations experiencing a breach: How bad is it?
The research report is based on the examination of over 4,000 mid-size companies across the retail, manufacturing, professional services, healthcare, transportation and education industries. Findings show that the mid-market sector is not equipped to handle the current cyber climate:
The vast majority of mid-market organizations are in the dark when it comes to detecting attacks and completely defenseless when it comes to warding them off. Email malware attacks have increased 154% between 2020 and 2021, but only 1% of mid-size companies have email malware protection in place in 2021 — with 88% of that number having misconfigured the protection settings. The numbers fare even worse for lesser known attacks such as Wi-Fi phishing, which have increased 203%: less than 1% of mid-size companies have any kind of Wi-Fi phishing protection in place, and those who do have a misconfiguration rate of 90%.
The number of attacks on mid-market organizations in every sector increased by at least 50% between 2020 and 2021. Healthcare and transportation stand out as the fastest growing sectors, with attacks increasing over 125% between 2020 and 2021. Attacks in retail, manufacturing and professional services nearly doubled, increasing between 86% and 90%. These increases demonstrate a broad shift, as this caliber and volume of attacks was previously targeted mainly at large enterprises, but are now being launched at mid-size companies.
Targeted, customized attacks are quadrupling, while insider threats have doubled. In 2021, the proportion of naïve attacks – the least sophisticated attack type – dropped from 86% to 68%, while customized attacks and insider threats – both targeted attacks that are the most lethal and damaging – are expanding 4x and 2x respectively, revealing bad actors’ ability to scale more intelligent assaults against a broader range of organizations.
Mid-market organizations are as much as 490% or more likely to experience a security breach by the end of 2021 as they were in 2019. The growth of cyber attacks and the increase in threat vectors targeting mid-size companies since the start of the pandemic, combined with the failure of the security industry to provide viable security solutions geared toward the mid-market sector and the widespread misconfiguration of the few security solutions that have been deployed, have resulted in an alarming increase in the likelihood of experiencing a devastating breach.