More than half of mid-sized firms lack confidence in tackling cyber threats

The majority (59%) of mid-sized companies are reporting less confidence in detecting cyber threats compared to just over half of enterprises (52%), according to new research by Threat Detection & Response provider, e2e-assure.

  • 1 year ago Posted in

Solid protection against cyber threats is an urgent priority for firms, with an increasing number of businesses grappling with ransomware attacks. In fact, e2e-assure’s research shows that the vast majority (75%) of CISOs and cyber security decision-makers have experienced a cyber attack, and the frequency of breaches doesn’t appear to be slowing down. In fact, according to recent research by GOV.UK, a fifth of businesses said they had experienced breaches or attacks at least once a week in the last 12 months.

Despite mid-sized companies being the most likely to outsource their cyber operations (57%), the research shows that they fare the worst in comparison to enterprises. 47% report that their provider is underperforming compared with 37% of enterprises. Perhaps as a result, only 22% of mid-sized firms believe they are resilient.

62% of mid-market companies said they don’t have flexible contracts that can adapt the scope of the original contract signing, compared with 46% of enterprises. A further 66% of mid-sized companies said they did not have transparent pricing from their provider, compared with 44% of large organisations.

The survey also found services are less likely to be personalised for mid-sized organisations, with 57% of these less likely to have client-centric delivery teams compared with 50% of enterprises. Over half (58%) of mid-sized organisations said they were not benefitting from tooling than can be tailored to their specific business needs, compared with 50% of enterprises.

This means mid-sized organisations are ultimately not benefiting from the same degree of specialist expertise as enterprise organisations, putting them at a potential higher risk of compromise.

Rob Demain, CEO of e2e-assure, said:

“Our report set out to unveil the observations from CISOs and decision-makers as to how their security operations are performing as 2023 continues to prove a monumental year for cyber crime.

“With mid-sized organisations the most prominent outsourcers in our study, but with the majority stating that they’re unhappy with their current support, it’s clear that there is an integral need for a shift in both the service and commercial offerings from cyber security providers to better support mid-sized companies to protect themselves against breaches.”

However, with nearly a third (29%) of mid-sized companies stating that they will be looking for an outsourced provider when they next procure their security operations, it’s clear there is an appetite from cyber security professionals to pass more responsibility on.

With the findings highlighting the need for a shift in the service offerings from providers, five key themes emerged for cyber defence rejuvenation in 2024:

1. Providers will need to prove their value

2. Security teams will relinquish more control to trusted providers

3. Contracts will need to be more commercially flexible

4. Service and tooling flexibility is a priority for organisations

5. Quality cyber defence needs to become more accessible to organisations of all sizes

On average, only 48% of digital initiatives meet or exceed business outcome targets, according to...
Falcon platform will deliver complete protection against identity-based attacks across hybrid cloud...
95% of UK businesses said they were negatively impacted by supply chain cyber breaches within the...
Acquisition of leading DSPM company will bolster Proofpoint’s human-centric security platform...
NTT DATA’s new Managed Detection & Response service powered by Palo Alto Networks Cortex XSIAM...
SPG is enhancing its cybersecurity capabilities in a new partnership with Saviynt, a leading...
Graylog has unveiled significant security advancements to drive smarter, faster, and more...
Datadog has published its new report, the State of Cloud Security 2024. The report found that...