A recent cybersecurity report finds that nearly one in five middle market organizations experienced a data breach in the last year, despite the fact most executives are confident in their security measures.
The report, the 10th annual RSM US Middle Market business Index Special Report: Cybersecurity 2025, said that while reported breaches have fallen significantly since 2024, companies need to remain diligent in their cybersecurity efforts. The report was created by RSM US in partnership with the U.S. Chamber of Commerce and looked into cybersecurity trends, strategies and concern in the midsize business marketplace.
The report said larger companies (between $50 million and $1 billion in revenue) were twice as likely as smaller companies (between $10 million and $50 million in revenue) to suffer a breach in the past year. Twenty-four percent of larger company respondents reported a breach, compared to 12 percent of smaller companies. The data also shows, however, that smaller firms seem to lag in cybersecurity budgets and staffing when compared to their larger counterparts, the report said.
“While this year’s survey results are encouraging, the drop in reported breaches may be attributed to normalization following a spike in 2024 due to the sanctions and disruption in the financial network related to the Russia-Ukraine conflict,” Tauseef Ghazi, national leader of security and privacy with RSM US LLP, said. “With the increasing complexity of attacks, it’s also possible that some companies may not have identified the presence of an attacker in their systems. This means continued vigilance is necessary, especially with the augmentation of AI to support malicious activities.”
The report also found that U.S. firms are prioritizing cybersecurity, with 91 percent of respondents who said they expect their company’s cybersecurity budget to increase in the coming year. The report recommends firms take advantage of consultants who could help drive automation to solve problems at a lower cost.
The report also found that the percentage of firms carrying cyber insurance has increased from 76 percent last year to 82 percent this year. Firms are also implementing strategies to limit business disruptions with 52 percent of respondents saying they are developing crisis or disruption communications plans, 51 percent developing a business continuity plan, and 50 percent implementing a disaster recovery plan for critical systems.
“As the cyber landscape continues to evolve, it’s more important than ever for businesses to understand and incorporate advanced technologies to bolster their cyber posture,” Christopher D. Roberti, Senior Vice President for Cyber, Space and National Security Policy at the U.S. Chamber of Commerce, said. “As we enter this new era of risk and uncertainty, the U.S. Chamber is advocating for a collaborative approach to cybersecurity, emphasizing the importance of public-private partnerships and industry-led standards to enhance our collective security and resilience.”