The changing landscape of cybersecurity

In 2024 alone, half of the businesses in the UK experienced some form of cybersecurity breach or attack. And it wasn't just large businesses in the crosshairs — 45% of the victims were medium-sized businesses. These organisations are an ideal target for cybercriminals; they have access to valuable data and operations without the extensive security infrastructure of large enterprises.

So what can mid-market businesses do to better prepare for the latest cybersecurity challenges? The first step is awareness: understanding the latest threats at your doorstep.

AI-powered social engineering

Social engineering is the manipulation of a person’s trust to trick them into sharing sensitive information, authorising financial transactions, or compromising enterprise security. These attacks usually use AI-generated phishing and deepfake impersonations to gain their target’s trust. 

And these breaches have been costly for businesses. In 2024, hackers tricked an employee of Arup, a UK engineering firm, into transferring $25 million to their accounts. The employee was made to believe the transaction request was genuine using deepfakes of the company's chief financial officer and other senior employees. 

But AI-based attacks aren’t limited to email or videos. Phishing links can be delivered via browser push notifications, SMS, and even phone calls. This makes traditional, rule-based security protocols used by mid-market businesses redundant. To protect themselves, smaller businesses should regularly monitor for every possible threat scenario. 

The quantum computing threat horizon

Today’s encryption algorithms rely on tough mathematical problems that even supercomputers need years to solve. However, Gartner predicts that quantum computing will make existing encryption methods fully breakable by 2034. In other words, the foundational security that protects everything - from online banking to emails, e-commerce, and blockchain - will become obsolete overnight.

Mid-market firms should track these developments and start budgeting for this now so they can upgrade their cryptographic infrastructure standards in the coming years. If you’re using third-party services or software, make sure they're taking steps to implement quantum security as well.

Third-party security risks

Last year's HLB Cybersecurity Report found that 37% of organisations experienced a cybersecurity breach through a third-party vendor in the past year. Hackers target smaller vendors because they have limited security infrastructure, making it easier to exploit them. 

Once they’re in, hackers can expand their attack to cripple hundreds of businesses associated with or linked to the vendor, with the intention of reaching their actual target. That’s what happened with Progress Software’s MOVEit file transfer app. Attackers exploited a vulnerability in the app to hit one customer, PBI Research Services, which then gave them access to over 2,700 organisations, affecting 93.3 million individual records in the process.

Operational technology security challenges

Unlike information technology (IT), operational technology (OT) refers to software systems that manage operational processes like manufacturing, energy, supply chain, and transportation. 

Traditionally, OT systems operated in isolation. Today, however, businesses are connecting OT systems to their corporate network to enable real-time remote monitoring, data analytics, and resource allocation. This convergence makes operations efficient, but it also makes them susceptible to cybersecurity threats.

In 2024, Russian ransomware group ALPHV BlackCat infiltrated Change Healthcare’s systems, compromising operations for hospitals across the US and impacting patient care, revenue, and finances. It took almost three months for affected hospitals to resume normal operations.

Adapting your leadership and strategy to the new threat landscape

According to CrowdStrike's 2025 Global Threat Report, 79% of attacks were malware-free. Instead, hackers used compromised credentials to access systems as legitimate users. To address this new threat landscape, businesses should rethink their cybersecurity strategy.

Treat cybersecurity as a strategic business issue

Cybersecurity is more than just an IT issue. According to the Allianz Risk Barometer report, cybercrime continues to be the biggest global business risk of 2025, especially for mid-sized and smaller companies. To manage this risk, consider elevating the chief information security officer role from just a security consultant to a strategic business partner. Using the knowledge of security leaders during strategic planning enables the company to anticipate and mitigate cyber threats.

Reevaluate risk assessment methods

Next, update your existing threat assessment and detection system to acknowledge newer threats like AI-generated phishing and deepfakes. Advanced tools, like behaviour anomaly detection or machine learning security, can flag unusual user behaviour usually associated with these threats. IBM found that businesses using automation and AI to assess cyber threats reduced the average lifecycle of a breach by 80 days and saved $1.9 million per breach.

Prioritise cybersecurity investments

Most mid-market businesses have limited budgets, so ensure you're investing in areas that hackers typically target. Since most attacks try to steal credentials, create a strong authentication system using methods like multi-factor authentication or passwordless access. You can also use a third-party service to monitor your vendors for cyber incidents or data leaks.

Don’t ignore basic cyber hygiene

Many breaches come down to fundamental failures like weak passwords, outdated systems, or misconfigured servers. Addressing these shortcomings can significantly reduce cyber incidents. Conduct regular patch management, vulnerability scanning, and network segmentation, as well as regular cybersecurity audits to uncover and fix hidden vulnerabilities. 

Build a cross-functional security culture

It’s nearly impossible to prevent every cyberattack, and everyone - from your summer interns to your CEO - is susceptible. However, some employees may hesitate to report an incident, fearing repercussions for their actions. You can create a cybersecurity-friendly environment by organising continuous cybersecurity training. Doing so educates employees on the latest threats while normalising conversations about cybersecurity. Appointing a security champion in each department also ensures employees always have a trusted point of contact for raising concerns.

Stay agile and informed  

Adopting a continuous improvement mindset can help you better manage any future cyberattacks. Mid-market businesses can stay ahead by following industry threat reports, cybersecurity groups, or threat intelligence services. Many jurisdictions are also implementing stricter cyber regulations. Being proactive about compliance can save you from any setbacks later.

Secure your business operations with HLB

AI-powered social engineering and quantum computing have left mid-market businesses facing cybersecurity threats pulled right out of a sci-fi novel. 

Making cybersecurity readiness a boardroom priority can prepare organisations for these attacks. Business leaders should prioritise risk assessment frameworks, strengthen their authentication systems, and foster a security-conscious culture across all departments. 

At HLB, we help mid-market businesses build resilient defences tailored to counter these threats. Our technology advisory experts combine cutting-edge threat intelligence with practical implementation strategies to protect your operations while ensuring you stay ahead of emerging risks.

Contact us to learn more about our services and develop a comprehensive strategy that protects your business for tomorrow.

 



