RSM US report reveals 45% of mid-sized businesses were hit by breaches last year, driving cyber insurance from an optional safeguard to a core business necessity.

New RSM US Middle Market Business Index (MMBI) Cybersecurity Special Report, created in partnership with the U.S. Chamber of Commerce, finds that middle market companies experienced a significant increase in data breaches over the past year, leading more of them to obtain cyber insurance.

Why it matters: The findings suggest that mid-sized businesses are becoming a more frequent target for cyberattacks, shifting cyber insurance from an optional safeguard to a core business necessity.

By the numbers: According to the survey of 405 senior executives:

  • 45% of middle market companies experienced a data breach in the past year, a notable increase from 35% in 2022.
  • 76% of respondents now have cyber insurance coverage, up from 65% the prior year.
  • 85% of executives said they are familiar with the details of their company's cyber insurance policy, compared to 77% in 2022.
  • Unauthorized user access was the cause of 52% of the data breaches reported.
The big picture: While more companies are buying insurance, the process of getting it is becoming more difficult. Insurers are implementing more rigorous underwriting processes, requiring businesses to demonstrate a comprehensive security program is in place before a policy is issued.

What they're saying: "Cyber insurance is becoming a necessity for middle market businesses as the frequency and severity of cyberattacks continue to rise," said Tauseef Ghazi, national leader of security and privacy at RSM US.

  • "However, the underwriting process is becoming more rigorous, and organizations need to be prepared to demonstrate that they have a comprehensive security program in place to obtain coverage," Ghazi added.
Zoom in: The report also points to the growing influence of artificial intelligence.

  • More than half of the executives surveyed (54%) said their organizations are either using or considering using AI.
  • This adoption introduces new potential security risks that companies must now factor into their defense strategies, alongside persistent threats like ransomware.
What to watch: The relationship between insurance requirements and a company's internal security program will become more intertwined. As cyber threats evolve with technologies like AI, insurance providers will likely demand more stringent and adaptive security measures from policyholders.

See the full RSM US Cybersecurity Special Report here:

SOURCE: RSM US

NOT FOR REPRINT

© Arc, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to TMSalesOperations@arc-network.com. For more information visit Asset & Logo Licensing.