44% of Middle-Market Firms Invest in Cybercrime Protection

Cybersecurity is top of mind for many C-suite executives.

However, it’s middle-market chief financial officers in particular that are feeling the pressure, according to the PYMNTS Intelligence report “Cybersecurity Risks Cause Middle-Market CFOs to Cancel Innovation Plans.”

The main causality for middle-market firms is the ability to implement innovation, as budgets allocated for those initiatives are often sapped by countering potential cyber threats such as security breaches and ransomware attacks. These threats are further exacerbated not only by the number of attacks but also by the multiple entry points that need to be secured, from customer portals to systems connected to partner businesses, vendors and clients.

To mitigate these constraints, many middle-market firms, particularly those in high-uncertainty environments, are attempting to get out in front of them through pre-emptive measures, such as training and updated internal security policies.

Across the board, roughly a third of all middle-market firms, regardless of uncertainty level, have increased cybersecurity training and awareness programs for employees. The report found that half of high-uncertainty respondents have conducted a cybersecurity risk assessment, compared to less than a quarter for low- and middle-uncertainty firms. Where a firm landed on the uncertainty scale reflected what measures they were taking to combat cybersecurity issues.

For example, 31% of high-uncertainty organizations had conducted third-party penetration testing or vulnerability assessments while 10% of middle-uncertainty firms had done so. Those responses were in line with the competing interests faced by firms, depending on their level of uncertainty in their given field.

High-uncertainty firms were more likely to have turned to advanced technologies to efficiently deal with cyber threats, according to the report. To that end, 44% of the most uncertain firms had invested in technologies such as artificial intelligence-driven threat detection.

AI is also starting to emerge as a possible source of online threats, according to cybersecurity firm AppSOC, which dubbed the DeepSeek AI model a “Pandora’s box of security risks” after a round of tests on the technology.

The PYMNTS Intelligence report found that 13% of high-uncertainty businesses had implemented multifactor authentication across systems versus nearly a third of low- and middle-uncertainty operations. The often-costly move of hiring third-party cybersecurity firms was not popular with any demographic, with only around 15% of all firms doing so.

The level of optimism regarding cybersecurity improvements in 2025 is tied to a firm’s level of uncertainty. According to the report, 19% of CFOs in high-uncertainty organizations said they expected conditions to improve, and 31% of high-uncertainty firms said they expected cybersecurity risks to worsen in the coming year.

In contrast, 74% of low-uncertainty firms said they expected conditions to improve in the near term. This effectively illustrates the challenges faced by high-uncertainty firms as they balance other challenges in addition to cybersecurity.

The post 44% of Middle-Market Firms Invest in Cybercrime Protection appeared first on PYMNTS.com.