
Mid-size organizations are large enough to be attractive targets — with complex digital estates, significant revenue, and valuable data — but not large enough to have the headcount, budget maturity, or tooling sophistication of enterprise security teams.
A new report from Intruder surveyed over 500 senior security decision-makers across the US and UK to get a picture of how these businesses are coping in an increasingly difficult security landscape.
“Midmarket companies are being treated as the middle child when it comes to cybersecurity solutions. They are overlooked by vendors focused on Fortune 500s or SMBs, while they are just as important and just as vulnerable to attackers,” says Chris Wallis, CEO and founder of Intruder.
On the surface, midmarket security leaders defy the stereotype of an overworked, underfunded team. 89 percent say that budgets are increasing. 70 percent say that headcount has kept pace with estate growth. 94 percent say they’re confident in their ability to identify and remediate critical risks before attackers exploit them — 51 percent very confident.
Go a little deeper, however, and that confidence is unevenly distributed. 65 percent of C-level respondents say they’re very confident in their ability to catch critical threats. This figure drops to 55 percent among directors, 46 percent among senior managers, and 36 percent among middle managers.
Among those closest to the coal face, 51 percent of respondents say it would take approximately a week to assess their exposure to a critical zero-day. 28 percent of respondents cite lack of visibility into what’s exposed as a top operational challenge, 18 percent are tracking internet-facing assets manually, and nine percent are running multiple cloud environments without a unified view of security risk across them.
This is against a background of rapid expansion: 91 percent of respondents say their digital estate grew over the past 24 months — 38 percent significantly so. For 70 percent of organizations, headcount kept pace with estate growth — for 30 percent of those, it grew faster. For 17 percent, however, headcount grew more slowly, and for nearly 10 percent it stayed flat.
Despite expanding headcount, 42 percent of teams report being under strain. 21 percent describe themselves as stretched but coping, 11 percent as overwhelmed and reactive, and nine percent as consistently behind and exposed. Professional services and manufacturing report the highest strain (51 percent and 46 percent), while SaaS and healthcare are coping better (38 percent and 35 percent).
Tool sprawl is an issue too: 44 percent of teams say they have either outgrown their security stack or stitched it together from point solutions that fail to provide a unified view. This has a cost, with 26 percent citing navigating too many security tools as a top challenge, 24 percent citing too many alerts with poor prioritization, and 20 percent citing the inability to measure and report on cyber hygiene.
The report’s authors conclude:
The midmarket security gap isn’t a spending problem — budgets are growing. It isn’t an awareness problem — leaders know the challenges they face. It’s a structural one: the tools available to midmarket security teams were never built for the position they’re now in.
Until that changes, the gap between how these teams perceive themselves and how they actually operate will keep widening.
You can get the full report from the Intruder site.
Image Credit: Yuri Arcurs/Dreamstime.com
