With reported breaches falling and 91% of respondents reporting an increase in cybersecurity investments, companies generally feel secure in their protective strategies. In fact, 97% of survey respondents are confident in their current security measures, the highest level in the 10-year history of the report. In addition, this year’s survey saw a record-high number of companies that carry a cyber insurance policy (82%).
Despite the drop in reported breaches, RSM risk professionals caution middle market companies against getting too comfortable in the face of cybersecurity risks, as the threats are still very real.
Tauseef Ghazi, a principal at RSM US LLP and leader of the firm’s cybersecurity practice, believes the reported breaches may have simply normalized after the spike in the previous year’s data. “The influx in 2024 is explainable because of the sanctions and the disruption in the financial networks related to the Russia-Ukraine conflict,” he says. “After this year’s drop in breaches, we are very comparable in terms of historical breach levels in the survey. Therefore, continued vigilance is required, especially with the augmentation of AI to support such malicious activities.”
The increased complexity of attacks also may at least partially explain the decline in reported breaches, as some companies may not have identified the presence of an attacker in their systems. For example, when a ransomware attack takes place, the attacker announces themselves to collect the ransom. But now, many bad actors are attempting to access networks and operate silently within them to collect sensitive data.
“The scary part for companies is that attacks have become so sophisticated, and they may not be able to detect them,” says Daniel Gabriel, an RSM US principal. “If attackers are backing down on ransomware, the goal of the attack is to not disclose yourself.”
However, RSM US Principal Matt Franko sees companies taking advantage of some cybersecurity controls and strategies that could also contribute to the drop in reported breaches. “Our No. 1 recommendation still to this day is to develop a strong asset inventory,” he says. “We are seeing a lot more organizations start to address asset management and inventory, which is helping them in a variety of other areas, such as vulnerability management and access management. You can do a much better job protecting yourself when you know what you need to protect.
“We have helped a lot of organizations automate their configuration management database with intelligent platforms like ServiceNow,” he continues. “Sometimes, it’s a combination of tools that creates a consolidated viewpoint of tools and systems. Once that program is up and running, and you’re getting a consistent view of your population, you can understand what you have and then go protect it.”
Franko also believes that the growing reliance on managed security services and the increased specialization of those platforms have put companies in a stronger position to address evolving threats. “Organizations have invested a lot more in working with companies like RSM and our RSM Defense™ managed security solution,” he says. “Buyers are becoming smarter; they want more sophisticated managed services providers that know and understand their environment.”