91% of respondents said they expect their middle market's organisation's cybersecurity budget to increase in the year ahead.

The number of middle market firms that reported carrying a cyber insurance policy reached a record-high of 82%, up from 76% a year ago.

51% of respondents at middle market organisations said they are developing and maintaining a business continuity plan.

50% of respondents at middle market organisations are implementing disaster recovery plans for critical systems.

25% of surveyed executives at middle market organisations reported experiencing at least one ransomware attack or demand in the previous 12 months.

47% of larger middle market firms reported that their top continuity strategy is leveraging technology to hunt for threats and respond to cyber events.

While most respondents from smaller middle market companies cited having 0-5 internal personnel focused on data security and privacy, 36% of larger middle market organisations reported having 6-10 employees and another 36% said they have 11-15 employees in this area.

28% of respondents at middle market organisations said their existing security measures were partially successful against ransomware attacks.

Ransomware cases accounted for over 90 percent of Sophos Incident Response cases for midsized organisations (from 500 to 5000 employees) in 2024.