Midmarket organizations are large enough to be attractive targets - but not large enough to have the headcount, budget, or tooling sophistication of enterprise security teams. They've outgrown the solutions built for smaller businesses, yet the ones for enterprises weren't designed with them in mind.
Much like middle children, they're often overlooked - caught between organizations larger and smaller than them. That's why we call them the security middle child.
Intruder's Security Middle Child report surveyed over 500 senior security decision-makers across the US and UK, spanning fintech, financial services, healthcare, manufacturing, professional services, retail, and SaaS, to understand how these organizations are really coping.
Key highlights
- Only 9% of midmarket organizations discuss cyber risk at board level.
- 94% say they can catch critical risks before attackers exploit them - but 51% say a zero-day would take a week to assess.
- 42% describe their team as either stretched, overwhelmed, or consistently behind.
- 46% say enterprise platforms assume more staff, budget, or complexity than they can support; 29% say SME tools no longer meet their needs.
- 44% of teams have either outgrown their stack or stitched it together from point solutions that don't provide a unified view.
For the full data, analysis, and what it means for your team, download the report.
