Cyberthreats and the rise of SOC 2

Jul 18, 2023

Companies today face more frequent and sophisticated cybersecurity threats than ever before. And, according to our report on how the middle market continues to battle evolving cybersecurity risks:


of respondents have moved data to the cloud for security purposes

The RSM report finds that the threat of a breach is a major concern for all organizations.


of executives believed unauthorized users would attempt to access data or systems in 2023.


of middle market executives said their company had previously experienced a data breach.


of respondents had outside parties attempt to manipulate employees by pretending to be trusted third parties or company executives.

In this fraught cybersecurity environment, just reacting to security threats is no longer an option—companies must be proactive.

The challenge is that most companies rely on a variety of cloud services and technology and automation solutions. While some have the bandwidth to handle their IT and security needs in-house, many are outsourcing to third-party service providers, which makes it difficult for leadership to get the operational insight it needs, both internally and from third parties.

In the RSM survey:

70% of respondents reported increased policy premiums.

Consistent with last year, only 2% saw a decrease in premiums.


Companies need cybersecurity information from third-party service providers to manage their business and respond to increased scrutiny from regulators, sales prospects and customers.

System and Organization Controls (SOC) reports and the new SOC 2 reports can provide transparency into your operations or those of your service providers, including:


About infrastructure, software, people, procedures, data, and risk management.


Into security, availability, processing integrity, confidentiality, or privacy.


Of all the tests conducted and the related results.

Your company should consider proactively preparing SOC and SOC 2 reports because:

  • They replace or supplement what most regulators and customers would audit.
  • Many service providers are required to provide a SOC report to be considered a business partner.
  • Offering these reports can help your company gain a competitive advantage.

In the RSM report:


of middle market companies moved or migrated data to the cloud as a result of security concerns during the past year.

Two in three cybersecurity incidents involving system intrusions originate via an organization’s partners, according to Verizon’s 2022 Data Breach Investigations Report.


ISACA’s State of Cybersecurity Report finds that 63% of cybersecurity teams are understaffed.

Getting started with SOC and SOC 2 reporting

SOC reporting can be complex. While some companies can do these reports in-house, many companies can’t.

An outside advisor can help your organization:

  • Identify the most appropriate SOC report to provide control assurance to regulators, your customers, and other stakeholders.
  • Conduct a SOC readiness audit.
  • Prepare SOC reports.
  • Navigate the challenges of SOC reporting.
