Looking ahead at the next 12 months, middle market companies are most concerned with their cybersecurity strength. As businesses become more digital, these organizations believe security risks will increase in the next year, a Chubb and National Center for the Middle Market (NCMM) report found.

Chubb and NCMM’s Middle Market Indicator report, released on Wednesday, surveyed 1,000 US C-suite middle market company executives to determine their top business challenge areas. The MMI is published every quarter, and this most recent Q3 report identified the state of economy costs and growth as top concerns for organizations, with cybersecurity dominating as the No. 1 risk.

SEE: Special report: A winning strategy for cybersecurity (free PDF) (TechRepublic)

Gartner defines middle market companies as having a combination of the following:

  • between $50 million and $1 billion revenue
  • 100 to 1,000 knowledge workers
  • less than 30 IT staff
  • IT budgets averaging less than $20 million
  • cross-industry average IT spending of 4.9% of revenue

“The middle market is low hanging fruit for attackers,” said Brad LaPorte, senior director analyst of end security and threat intelligence at Gartner. “They often do not have the budget, skillset, or ability to implement proper security best practices.”

Nearly half of organizations (47%) said they believe risk in their industry will increase in the next year, and almost the same number (48%) said they believe risk for their company will also grow, the report found.

Cybersecurity remains the most challenged risk to manage for companies. In Q2, 47% of organizations rated cybersecurity as their top concern, and the trend followed in Q3, with cybersecurity taking the top spot at 46%, according to the report.

“Midmarket enterprises have the same security concerns as larger enterprises,” said Paul Furtado, senior director analyst at Gartner. “The impact of a cybersecurity event to a midmarket organization can be far more devastating, due to the organization’s ability to financially recover post event.”

“For example, if a large organization was to have a cybersecurity event that ultimately costs them $25 million in losses (productivity, loss of sales, penalties, etc.), they can typically recover,” Furtado said. “A $25 million loss in the [middle market] can have a catastrophic and business ending effect solely because they do not have the financial resources to overcome it.”

However, stakeholders for middle market organizations are recognizing these issues and investing in proper security tools; and those that haven’t, should, he said. Beneficial investments include cybersecurity awareness training, insider threat mitigation, cloud security, improved authentication, and managed security providers (MSSP) or managed detection response (MDR), Furtado said.

Other middle market trends

While security is the most prominent focus for middle market organizations, the report found other important trends.

Leaders also identified risks associated with the state of the economy costs (38%) and growth (35%), legal and regulatory (33%) and disruptive competitors (31%) as difficult to manage.

The report indicated a decrease in revenue, employment growth rate, and economic confidence for middle market companies. More than half (56%) of respondents said they would rather hold extra cash than invest in their businesses right away.

However, performance remained positive, with 60% of executives citing their companies’ overall performance as better today than it was a year ago.

“Middle market leaders tend to underestimate forecasts of future growth and hiring; however, our data have been predicting that growth would cool off, and now it has,” said Thomas Stewart, executive director of NCMM, in a press release. “Despite indications of a slowing growth rate, the middle market continues to grow significantly faster than both big and small businesses.”

For more, check out Cybersecurity: Do these six things to protect your company online on ZDNet.

Also see

Getty Images/iStockphoto