Source: RSM US LLP.   

July 24, 2023

Companies today face more frequent and sophisticated cybersecurity threats than ever before. And, according to the 2023 RSM US Middle Market Business Index Cybersecurity Special Report:


of respondents have moved data to the cloud for security purposes

The report finds that the threat of a breach is a major concern for all organizations.


of executives believed unauthorized users would attempt to access data or systems in 2023.


of middle market executives said their company had previously experienced a data breach.


of respondents had outside parties attempt to manipulate employees by pretending to be trusted third parties or company executives.

In this fraught cybersecurity environment, just reacting to security threats is no longer an option—companies must be proactive.

The challenge is: most companies rely on a variety of cloud services, and technology and automation solutions. While some have the bandwidth to handle their IT and security needs in-house, many companies are outsourcing to third-party service providers, making it difficult for leadership to get the operational insight needed—both internally and from their third parties.

In the survey:

70% of respondents reported increased policy premiums.

Consistent with last year, only 2% saw a decrease in premiums.

Companies need cybersecurity information from third-party service providers to manage their business and respond to increased scrutiny from regulators, sales prospects and customers.

Service organization control (SOC) reports and the new SOC 2 reports can provide transparency into your operations or those of your service providers, including:


About infrastructure, software, people, procedures, data, and risk management.


Into security, availability, processing integrity, confidentiality, or privacy.


Of all the tests conducted and the related results.

Your company should consider proactively preparing SOC and SOC 2 reports because:

  • They replace or supplement what most regulators and customers would audit.
  • Many service providers are required to provide a SOC report to be considered a business partner.
  • Offering these reports can help your company gain a competitive advantage.

In the report:


of middle market companies moved or migrated data to the cloud as a result of security concerns during the past year.

2 in 3

Two in three cybersecurity incidents involving system intrusions originate via an organization’s partners, according to Verizon’s 2022 Data Breach Investigations Report.


ISACA’s State of Cybersecurity Report finds that 63% of cybersecurity teams are understaffed.

Getting started with SOC and SOC 2 reporting

SOC reporting can be complex. While some companies can do these reports in-house, many companies can’t.

An outside advisor can help your organization:

  • Identify the most appropriate SOC report to provide control assurance to regulators, your customers, and other stakeholders.
  • Conduct a SOC readiness audit.
  • Prepare SOC reports.
  • Navigate the challenges of SOC reporting.

This article was written by RSM US LLP and originally appeared on 2023-07-18.
2022 RSM US LLP. All rights reserved.


RSM US Alliance provides its members with access to resources of RSM US LLP. RSM US Alliance member firms are separate and independent businesses and legal entities that are responsible for their own acts and omissions, and each are separate and independent from RSM US LLP. RSM US LLP is the U.S. member firm of RSM International, a global network of independent audit, tax, and consulting firms. Members of RSM US Alliance have access to RSM International resources through RSM US LLP but are not member firms of RSM International. Visit for more information regarding RSM US LLP and RSM International. The RSM(tm) brandmark is used under license by RSM US LLP. RSM US Alliance products and services are proprietary to RSM US LLP.