Middle market businesses are often considered the backbone of the American economy. They represent a third of private sector GDP and employ around 48 million people, according to the National Center for the Middle Market.
But many of these businesses often don’t have knowledge or capability to strengthen their cyber resilience, creating a ‘resource gap’ for this segment, according to Zurich North America, which launched its middle market cyber insurance product earlier this year.
“We recognize that cyber resilience is very critical for organizations of all sizes,” said Michelle Chia (pictured right), head of professional liability and cyber at Zurich North America.
“We see a lot of cyber insurance applications provided by organizations, and there are a lot of areas that could be strengthened. At the end of the day, it's our job and our responsibility to help strengthen their cyber resilience.”
Mid-sized businesses are especially vulnerable to cyber threats, in part because their cybersecurity structures are not as robust as their larger counterparts.
In the first quarter of 2023, a survey of mid-sized firms with less than 2,000 employees by managed security platform Huntress found that 24% had suffered a cyberattack or were unsure if they suffered one in the previous 12 months. Roughly two-thirds (61%) did not have dedicated cybersecurity experts in their roster and nearly half (47%) didn’t have an incident response plan.
David Shluger (pictured left), vice president of cyber risk engineering at Zurich North America, said mid-sized businesses need support to be more proactive over their cybersecurity.
“Our middle market customers are increasingly reliant on technology. They're interconnected with their customers, vendors, and suppliers and it’s becoming more complex world to operate in,” Shluger said.
“I think it’s challenging for them to know where to invest to maximize the protection, and where to invest to plan on a contingency basis.”
Another key concern is that middle market businesses are not keeping their cyber defenses at pace with the evolving risk in the market.
For instance, while ransomware events dipped in 2022, attacks have gathered pace again this year. Cyber incidents affecting US organizations account for 47% of global attacks, according to AAG IT.
“Cyber continues to evolve and we continue to adopt technology and very in an accelerated way,” said Chia.
“Middle market organizations are adopting technology at the same pace as their larger, more complex counterparts. But do they know the risks as they adopt these technologies?”
Bridging the cyber resource gap involves addressing several challenges that organizations face pre- and post-event.
“The first part is creating awareness. Before they become a customer, how can we help them understand the areas where they can strengthen themselves?” Chia said. “The second component is, once they have that insurance policy, how do they respond and who do they call after a cyber event occurs?”
To bolster mid-sized organizations against an increasingly complex cyber risk landscape, knowledge and experience of best practices are critical, Shluger said.
“One of the biggest challenges in the industry is that a lot of the advice is either inaccessible or unverified,” he said. “There is a clear need in the market for resources dedicated to the middle market space.”
Do you agree that there’s a cyber resource gap for middle market businesses? How can the insurance industry help bridge this gap? Share your perspective in the comments below.