That's according to Node4's Mid-Market IT Priorities Report 2024, which found that it was considered the top cyber security threat over the next 12 months.
That was followed by AI-related threats, ransomware, deep fakes and malware. The top 10 was completed with DoS attacks, supply chain attacks, phishing, zero-day attacks and scams/fraud.
Paul Bryce, managing director at Node4, said, "The high level of concern around insider threats could be attributed to the large number of job transitions and redundancies over the past 12 months, coupled with the growing reliance on contractors to address IT and cyber security skills gaps. It might also be linked to long-term, security-related worries, flexible working and the increased potential for cyber attacks on a distributed workforce."
Node4's research also points to significant adoption of pre-crime and preventative cyber security measures, with around 40 per cent of respondents saying that they currently have dark web intelligence and incident response capabilities — suggesting a growing level of maturity in cyber security policy adoption across the mid-market.
The report also reveals a high degree of optimism around cyber security defence capabilities. More than three-quarters of IT decision-makers said that they were confident in their organisation’s ability to prevent and respond to cyber-attacks, despite the research being conducted at a time of increased cyber security attacks aimed squarely at small and mid-sized organisations. Breaking down these results by vertical sector, IT decision-makers working in private healthcare were the most confident, while those in retail were least so.
However, more than a quarter of respondents believe that AI could expose their organisation to new cyber security risks in the future, and that dealing with AI-related threats is their top priority for the next 12 months. Further, around one-third of compliance challenges identified by respondents are directly linked to IT security and cyber security risk mitigation — pointing to the ongoing complex issues in ensuring secure remote access to corporate data. Taken together, these findings indicate now is not the time for complacency, and that mid-market IT decision-makers need to double down on their proactive, vigilant cyber security stance.
The report also found that less than 15 per cent of mid-market IT decision-makers manage cyber security defences with internal staff, while more than one third outsource to MSPs. The majority rely on a combination of in-house resources and their MSP. This could explain why almost one quarter of respondents said that the need to enhance data security and compliance was driving their digital transformation efforts.
Bryce said, "Our findings show that many mid-market organisations are working hard to implement more mature and effective cyber security measures, which is encouraging given that the combined impact of lower budgets, fewer resources and a shortage of in-house skills could easily hamper these efforts. However, around a quarter of respondents stated that a lack of suitable services from cloud providers, primary tech partners and MSPs was a principal barrier to doing so. This suggests the mid-market relies increasingly on third-party support to do the heavy lifting for its cyber security strategy implementations — and will lean on it to an even greater degree as cybercriminal threats become even more complex, harder to spot and difficult to repel."