Cybersecurity remains a critical concern for middle market businesses. According to RSM data, reported breaches over a recent one-year period matched a high seen only once before in nine years of data collection by the firm. The threat environment is more challenging now as generative AI and other new technologies increase risk, placing an enterprise emphasis on well-maintained protective strategies.
Twenty-eight percent of middle market executives surveyed in the Q1 RSM US Middle Market Business Index survey said their organizations experienced a data breach in the last year, rising from 20% in the 2023 survey and matching 2021 results. Increases were seen across the board, as breaches at smaller middle market companies rose to 20% from 12% a year ago, and those at their larger counterparts were up to 37%, compared to 28%.
Even as breaches were up, 95% of survey respondents are confident in their current security measures. This year’s survey also saw a record-high number of companies that carry a cyber insurance policy (76%) and respondents that made a move to the cloud due to security concerns (55%). But while 37% of executives said cybersecurity will get an increasing share of the organization’s revenue, 61% of middle market decision-makers have two or fewer dedicated data security or privacy employees.
RSM risk professionals cite complacency, the rapid adoption of emerging artificial intelligence technology and threats from foreign actors as among the worrisome trends responsible for the recent sharp uptick in cyber incidents.
For media and entertainment companies, the most pressing cybersecurity issues generally fall into two categories: protecting consumers and their data – such as payment information and viewing preferences – and protecting the company’s content and other intellectual property from piracy and leaks.
A company’s priorities can vary by subsector; in gaming, for instance, application security testing is especially important because today’s complex gaming architectures provide a myriad of opportunities for threat actors exploit weaknesses. In sports, companies need to understand what the rise in fan engagement technologies means for protecting customer data. But a clear digital identity strategy benefits all these segments.
Identity Strategies and the Digital Journey
As businesses get more digital, creating a seamless identity experience for customers is becoming a bigger challenge. Especially when companies acquire a new brand and need to integrate various websites or apps, pitfalls lie ahead for teams that don’t understand the breadth of the information they have access to.
An effective digital identity strategy must constantly evolve as new users and groups require access and some existing users no longer do, and as new strategies become available to verify users and their purpose. The right approach can protect sensitive data and improve the online experience for both customers and employees.
MMBI data indicates that middle market companies are in various stages of their digital journey, with 31% of executives saying their companies provide people with access as needed. In addition, 24% provide single identity solutions such as single sign-on for system access, while another 22% require disparate usernames and passwords.
The MMBI survey, conducted online from Jan. 8 to Feb. 16, 2024 on behalf of RSM by The Harris Poll, drew responses from 403 middle market executives across a variety of industries. Survey research provides insights into those at smaller ($10 million to less than $50 million in revenue) and larger ($50 million to $1 billion in revenue) middle market organizations; in many cases large gaps exist between the two groups.
Risk Management
The media and entertainment industry operates highly complex digital systems made up of many partners, service providers, technology vendors and emerging technologies. Many companies do not have a good understanding of the systemic digital risk inherent in their environment, as was most recently made evident by the massive global IT outage. A strong risk management program is critical.
Businesses often move quickly to add providers and other companies they share data with to market to certain audiences and distribute content, and if the business doesn’t understand the risk exposure they are creating and how to manage it they may increase the potential impact of a breach.
Many security incidents are the result of vulnerabilities within third-party risk strategies. RSM survey data shows opportunities for middle market companies to improve those controls. For example, almost two-thirds of respondents (64%) regularly evaluate the cybersecurity controls of third parties and nearly 3 in 5 (58%) include service-level agreements and other data and security controls in contractual agreements.
In addition, just over half (53%) of the survey respondents use a governance, risk and compliance or other tool to manage third-party risk management, half include critical third parties in business continuity and disaster recovery planning, and only 39% maintain a vendor inventory with vendors classified in accordance with a defined risk matrix. Implementing any – or a combination – of these strategies can mark a significant step toward mitigating potentially harmful third-party risks.
Areas of Focus
The unpredictability of potential attacks and the broad range of threats to sensitive data and intellectual property require companies to remain ever vigilant. Attacks are occurring more often and becoming more expensive, and they can be very harmful or even fatal for companies with tight profit margins. Any disruption in operations has a direct impact on profitability; the longer an issue persists, the more difficult recovery becomes.
Middle market companies need to evaluate their strategies to resist and respond to attacks and take advantage of opportunities to strengthen their cybersecurity strategy. Potential adjustments include optimizing existing security tools, implementing modern identity access plans and leveraging managed security services to augment internal IT personnel who often can’t keep up with evolving cybersecurity concerns and regulatory demands.
This article was written by Alden Hutchison, a principal at RSM US LLP, and Justin Krieger, a technology, media and telecommunications senior analyst at RSM Canada.
Posted at MediaVillage through the Thought Leadership self-publishing platform.
Click the social buttons to share this story with colleagues and friends.
The opinions expressed here are the author's views and do not necessarily represent the views of MediaVillage.org/MyersBizNet.