Prepared vs. vulnerable: How middle market leaders face cyber and fraud threats
Recent survey findings reveal a staggering seven in 10 companies experienced a cyber or fraud incident in the past year. The question is no longer if an incident will occur. Rather, it is “Are we sufficiently prepared?” As cybersecurity and fraud become everyday risks, middle market leaders are challenged to respond strategically to the growing threat landscape.
KeyBank’s July 2025 Middle Market Sentiment Report delivers data-backed perspectives on cybersecurity and fraud, drawn from the experiences of 762 owners and executives of U.S. middle market businesses with annual revenues between $10 million and $1 billion.
The survey asked leaders how they're responding to the ever-increasing threats of cyber and fraud events, uncovering four key insights into the types of incidents they face, the strategic investments underway to mitigate future risks, and the vital gaps that remain.
Key analysis of cyber and fraud trends in 2025
1. Cyber and fraud incidents are the new normal
What middle market leaders are saying
Cyber and fraud threats have become part of the everyday business landscape with 72% of middle market companies reporting incidents over the past year. Among the most common fraud incidents, phishing and email spoofing (33%) lead the way, followed closely by data corruption (32%) and identity theft (24%). These patterns are influencing how leaders prioritize cybersecurity investments and shape their response strategies.
GRAPH 1 – Has your company experienced any of the following the past 12 months?
Phishing/email spoofing 33%
Data corruption 32%
Identity theft 24%
Check fraud 23%
Financial statement fraud 21%
Ransomware attacks 21%
Did not experience 28%
What it means for you
Middle market leaders are managing cyber and fraud threats as part of day-to-day operations, balancing risk mitigation with business continuity through cross-functional collaboration. Even small disconnects between finance and IT teams can lead to large consequences: operational slowdowns, reputational hits, and shaken customer confidence.
These attacks go beyond technical headaches. Phishing, data manipulation, and identity theft can strike the systems that power financial reporting, cash flow visibility, and investor confidence. When those systems are compromised, the impact is immediate and often expensive.
That's why protecting against cyber and fraud threats is becoming a strategic priority. Cross-functional alignment, a culture of accountability, and investments in controls and training aren't just defensive moves anymore. They're key drivers that help protect value and position your business to respond with speed and clarity when it matters most.
2. The resurgence of check fraud and its toll on middle market companies
What middle market leaders are saying
Of middle market leaders surveyed, 23% reported incidents of check fraud within the past 12 months. Criminals are increasingly targeting businesses through physical mail theft and check alteration.
Paper checks are a weak link. Check fraud rivals ransomware claims for some mid-sized companies. The fix isn't flashy — fewer checks, daily reconciliation, and proactive fraud detection products — but can help save real dollars and preserve client trust.
John Carney
Head of Operational Risk, KeyBank Commercial
What it means for you
Check fraud is evolving quickly as criminals are exploiting vulnerabilities in physical mail systems and using more sophisticated techniques to alter checks before they're cashed. For finance leaders, this isn't just a nuisance. It's a direct threat to cash flow, client relationships, and operational integrity.
The risk is especially high in environments where paper checks are still part of routine disbursements. After funds are out the door, recovery is difficult, and the reputational damage can linger. More companies are accelerating the shift to digital payments, tightening reconciliation practices, and equipping staff to spot red flags before fraud occurs.
But basic controls aren't always enough. Advanced fraud detection tools can offer real-time oversight and can flag suspicious activity before it becomes a loss. For middle market businesses, this is about more than avoiding theft. It's about protecting liquidity and ensuring that financial operations are strong in a high-threat landscape.
3. Optimistic companies double down on cybersecurity protections
What middle market leaders are saying
Companies with a more optimistic outlook are taking a proactive stance on cybersecurity, recognizing it as a foundation for long-term resilience.
Among middle market firms projecting strong performance over the next 12 months:
- 74% plan to significantly or moderately increase their cybersecurity investments
- Only 4% report no planned increases
In contrast, less confident firms are proceeding more cautiously:
- Only 49% plan to significantly or moderately increase their cybersecurity investments
- 15% report no planned increases
GRAPH 2 – What increase in spend do you plan to make in cybersecurity in the next 12 months?
Base: Companies with an “excellent/very good” company outlook
No investment increase planned 4%
Small increase (less than 5%) 23%
Moderate increase (5-20%) 54%
Significant increase (over 20%) 20%
What it means for you
For growth-minded leaders, cybersecurity is more than a budget line. It’s a baseline for success. Cybersecurity can keep operations running smoothly, protect sensitive financial data, and maintain the trust of customers and investors.
The stakes are high. A single breach can disrupt cash flow, delay reporting, damage reputation, and diminish stakeholder confidence — all of which can stall momentum. And in today’s environment, the cost of recovery often outweighs the cost of prevention.
Forward-looking companies are investing in cybersecurity now — not just to prevent losses, but to prepare for growth. Strategic investments help reduce exposure, minimize downtime, and allow teams to focus more on driving results than reacting to crises. Prioritizing cybersecurity signals readiness and positions your business to operate more securely in an increasingly unpredictable environment.
4. Companies invest in fraud tools, yet lack employee training
What middle market leaders are saying
As cyber risks continue to escalate, the majority of middle market leaders anticipate at least a moderate increase in their cybersecurity budgets to keep pace, with planned security enhancements largely focused on technical controls.
Survey findings show a concerning gap in organizations investing in employee training as a cybersecurity defense — a critical component in preventing breaches before they occur. Only 24% of companies plan to formalize written cybersecurity policies, and just 18% intend to provide training on social engineering threats.
GRAPH 3 – What are the main challenges your company would face when pursuing any M&A activities?
Buy side
Develop/leverage existing relationships 44%
Availability and cost of financing 43%
Cultural considerations 43%
Managing the integration process & extracting strategies 42%
Bandwidth and resources to complete due diligence 39%
Market disruptions/unpredictable events 32%
Sell side
Develop/leverage existing relationships 58%
Cultural considerations 56%
Bandwidth and resources to complete due diligence 42%
Market disruptions/unpredictable events 47%
During 2026 21%
During 2027 24%
Improve cash flow management 72%
Focus on cost reduction 49%
Raising equity 47%
Increasing debt capacity 42%
What it means for you
Technology alone isn't enough. While many companies are investing in fraud detection tools, a foundational gap remains with employee training. Without it, even the most advanced systems can be bypassed by a single click or oversight.
Cyber threats like phishing and social engineering are designed to manipulate human behavior, which is why every employee needs to understand their role in protecting the business. Clear, written policies and regular training are frontline defenses against costly breaches.
For middle market leaders, the risk is real: a single misstep can lead to financial loss, reputational damage, and operational disruption. Investing in employee awareness is a strategic move that strengthens internal controls, reinforces accountability, and helps ensure your business is protected from the inside out.
Final thoughts
Cybersecurity can be a competitive differentiator. Forward-looking leaders are leveraging strong cybersecurity practices to strengthen defenses, and also build credibility with customers and regulators, positioning their organizations as secure and reliable business advisors.
KeyBank offers customized insights, tailored financial solutions, and real-time guidance to help you navigate uncertainty and guard against cyber and fraud threats.