Positive responses regarding familiarity with cyber insurance policy coverages among smaller middle market firms decreased to 51% from 66% last year.

51% of middle market organisations stated they outsourced cybersecurity risk and compliance management. Other leading functions outsourced include cyber incident response and forensics (46%), the security operations center (46%), security awareness training (44%), and vulnerability management (44%).

On average, Canadian respondents at middle market organisations have larger cybersecurity teams, with 39% saying they have 16 or more employees, compared to 11% in the U.S..

24% of respondents in larger middle market organisations (with revenue between $50 million to $1 billion) reported a breach.

A smaller share of Canadian middle market firms indicate they don't have AI governance in place compared to U.S. respondents (5% versus 20%).

12% of respondents from smaller middle market firms (with revenue between $10 million to less than $50 million) reported a breach.

15% of smaller middle market organisations reported at least one ransomware attack or request.

Canadian middle market firms are less likely to have cyber insurance coverage than U.S. companies (68% versus 82%).

18% of middle market organisations experienced a data breach in the last year.

33% of respondents at middle market organisations indicated they have five or fewer data security and privacy employees.

Among middle market companies that experienced at least one ransomware attack, 31% said existing security measures were unsuccessful.

34% of smaller middle market companies noted that AI governance steps are not yet in place.

Familiarity with policy coverages dropped to 69% from 75% in the 2024 data at middle market organisations.

Only 46% of larger and 37% of smaller middle market companies reported collaborating with external partners for coordinated resilience planning.

35% of respondents in larger middle market companies reported at least one ransomware attack or request.

41% of respondents at middle market organisations said their existing security measures were completely successful against ransomware attacks.

52% of respondents at middle market organisations said they are developing communications plans for crises or disruptions.

97% of surveyed executives at middle market organisations reported feeling confident in their current security measures.

Reported middle market breaches fell significantly after reaching a record-high of 28% in the 2024 survey.

Larger middle market companies were twice as likely than smaller middle market companies to suffer a breach in the past year.