Mid-Sized Businesses 490% More Likely to Be Hit with a Security Breach Today Than in 2019

According to Coro's cross-industry mid-market security study, mid-sized businesses are up to 490 percent more likely than they were in 2019 to experience a security breach by the end of 2021.

Source: Venture Beat | Published on November 23, 2021

BEC attacks

Mid-sized businesses are now subjected to cyberattacks on a par with their enterprise counterparts. Nonetheless, unlike large corporations, these smaller businesses lack the budgets, resources, and expertise to protect themselves. Furthermore, the cybersecurity industry prioritizes large enterprise needs, resulting in a scarcity of cybersecurity tools aimed at the mid-market.

According to the study, the number of attacks on mid-sized businesses in every sector increased by at least 50% between 2020 and 2021, with attacks in health care and transportation increasing by more than 125 percent.

Furthermore, as the holiday season approaches, the number of cyberattacks tends to skyrocket. Cyberattacks on mid-sized businesses across industries increased by 22 percent to 36 percent in the fourth quarter of 2020, compared to the first eight months of the year, and increases are expected to continue in 2021. The sophistication of attacks has also increased; from 2020 to 2021, the proportion of generic attacks — those that make no attempt to differentiate between targets — to more sophisticated schemes fell from 86 percent to 68 percent. In the meantime, the number of targeted and customized attacks that are significantly more damaging has quadrupled.

Prior to the pandemic, phishing and malware attacks were the most common types of attacks. However, as a result of the digital transformation that mid-sized businesses have undergone over the last two years, a broader range of cyber assaults has emerged, and each type has grown significantly between 2020 and 2021. Bot attacks are up 238 percent, Wi-Fi phishing is up 203 percent, malware in cloud applications is up 180 percent, malware delivered via email is up 154 percent, malware delivered via endpoints is up 156 percent, and insider threats are up 132 percent.

To make matters worse, most mid-sized businesses do not invest in security solutions beyond the basics of email phishing and malware — and of those that do, the vast majority (70 percent) of deployments are misconfigured, putting the defense perimeter at risk.

The Coro report is based on data from over 4,000 mid-size businesses with 100 to 1,500 employees that operate in retail, manufacturing, professional services, health care, transportation, and education in 2020 and 2021.

Coro's full report can be found here.