Middle Market
Cybersecurity statistics about middle market
Top Vendors
Showing 1-20 of 44 results
The most commonly outsourced cybersecurity services among middle market firms are cloud security management (50%), security awareness training (44%), security operations center services (43%), and risk and compliance management (41%).
51% of middle market companies rely on staff training for responsible AI use.
46% of middle market companies use AI performance monitoring.
44% of middle market companies define roles and responsibilities for AI decision-making.
81% of middle market organizations plan to increase cybersecurity spending in the year ahead, down from 91% the previous year.
Only 35% of middle market executives report using formal AI governance frameworks.
Cybersecurity funding is managed by the chief technology officer in 43% of middle market firms, by the chief financial officer in 37%, and by the chief information security officer in 34%.
36% of middle market organizations prioritize cloud security in cybersecurity investment.
18% of middle market organizations experienced a data breach in the past year.
96% of middle market executives express confidence in their cybersecurity posture.
Nearly 1 in 4 middle market organizations reported a ransomware attack or demand in the past year.
39% of middle market organizations prioritize detection and response in cybersecurity investment.
35% of middle market organizations prioritize broader risk management functions in cybersecurity investment.
23% of middle market organizations prioritize digital identity management.
46% of middle market companies have data governance policies for AI.
52% of respondents at middle market organisations said they are developing communications plans for crises or disruptions.
Canadian middle market firms are less likely to have cyber insurance coverage than U.S. companies (68% versus 82%).
51% of middle market organisations stated they outsourced cybersecurity risk and compliance management. Other leading functions outsourced include cyber incident response and forensics (46%), the security operations center (46%), security awareness training (44%), and vulnerability management (44%).
Reported middle market breaches fell significantly after reaching a record-high of 28% in the 2024 survey.
Larger middle market companies were twice as likely than smaller middle market companies to suffer a breach in the past year.