51% of middle market organisations stated they outsourced cybersecurity risk and compliance management. Other leading functions outsourced include cyber incident response and forensics (46%), the security operations center (46%), security awareness training (44%), and vulnerability management (44%).

Organisations cited financial penalties (39%), security breaches (36%), and reputational damage (36%) as the top risks of poor compliance management