High Contrast

Newsroom
Events
Subscribe
Solutions and services
Insights
About RSM
Careers
Contact RSM

Article

Middle market tech companies must remain focused on cybersecurity during growth

Cybersecurity industry snapshot

May 30, 2024
#
Technology industry Cybersecurity consulting

The technology industry faces a host of challenges to protect its complex systems, data and users amid pervasive cyberthreats.

For midsize technology companies, in particular, the basics are often a good place to start, says Kurt Shenk, an RSM partner and and technology senior analyst. These predominantly private businesses, which often grow quickly due to organic growth, infusions of private capital, or acquisitions, are focused on scaling up, so they can have a blind spot for their cyber vulnerabilities, he says.

“Some of the things that might be second nature at a large firm are not necessarily in place at midmarket tech companies,” says Shenk, noting a lack of incidence response protocols, education around threats such as email phishing or a clear understanding of cybersecurity insurance coverage. “What’s the procedure, who is getting involved and how do you respond when something takes place?”

Even the best preparation cannot always thwart sophisticated attacks, says Shenk, who notes that several of his technology clients now find it necessary to keep bitcoin on their books in the event they fall victim to a ransomware attack and must pay bad actors to release their information.

Some of the things that might be second nature at a large firm are not necessarily in place at midmarket tech companies. What’s the procedure, who is getting involved and how do you respond when something takes place?
Kurt Shenk, RSM Technology Senior Analyst

Well-known technology corporations have been among the most widely reported breaches in recent years. As of late 2023, the SEC began requiring public companies to report “material” cybersecurity incidents within four business days and to disclose annually how they manage cybersecurity—both measures designed to protect investors.

Meanwhile, the use of AI presents technology firms with great opportunity for innovation but also brings additional cyber risk, Shenk says. The European Union in March gave final approval to a set of protections around AI use intended to take effect in about two years, including prohibiting AI-powered social scoring systems and biometric tools that attempt to surmise an individual’s race, politics or sexuality. The United States, by contrast, has yet to put forth similar restrictions.

But Shenk believes the recent SEC requirements may portend a period of heightened regulation that could govern private companies as well.

“The beginning of regulation is there, and it seems like something that will continue,” he says. “Companies are focused on it.”

Related insights

Cybersecurity 2024 special report

Our annual insights into cybersecurity trends, strategies and concerns shaping the marketplace for midsize businesses in an increasingly complex risk environment.

Access the research

THE POWER OF BEING UNDERSTOOD

ASSURANCE | TAX | CONSULTING

RSM Canada LLP is a limited liability partnership that provides public accounting services and is the Canadian member firm of RSM International, a global network of independent assurance, tax and consulting firms. RSM Canada Consulting LP is a limited partnership that provides consulting services and is an affiliate of RSM US LLP, a member firm of RSM International. The member firms of RSM International collaborate to provide services to global clients but are separate and distinct legal entities that cannot obligate each other. Each member firm is responsible only for its own acts and omissions, and not those of any other party. Visit rsmcanada.com/about for more information regarding RSM Canada and RSM International.

©2024 RSM CANADA LLP. All rights reserved.