In defending against ransomware and other types of cyber threats, large enterprises spend big on security tools, up from an estimated $106.6 billion in 2019 to an expected $151.2 billion by 2023, according to data from International Data Corporation’s Worldwide Semiannual Security Spending Guide. Most big organizations operate a 24/7 security operations center and have an astonishing 50 or more cyber defense tools at their disposal.
Faced with growing cyber defenses employed by these larger companies, cybercriminals — specifically ransomware gangs — began casting a different net, swiftly reaching a crescendo in early 2021 by targeting smaller organizations like hospitals, schools, municipal governments, manufacturers and other firms less capable of high-powered defense. Known in the vendor-driven sales world as mid-sized enterprises, or MSEs, these firms don’t fall under the resource-rich protective umbrella of large enterprises. They typically have no security operations center to continually monitor for and defend against attacks. In my experience working with MSEs, the average number of security tools at an MSE is about five. Most have a small staff of fewer than 10 security people, and many wear multiple hats as IT, security and compliance professionals. MSE security budgets are also small, typically under 2% of a relatively small IT budget.