According to frequent headlines in the press, cybersecurity is an issue that has seized the attention of corporate boards and the executives who report to them. The reality is probably more nuanced. Although the largest companies in some sectors are engaged in extensive risk management efforts, the broader business community in the middle market remains at best uneven in its response, says Matthew F. Prewitt, partner with law firm Schiff Hardin in Chicago, chair of Schiff Hardin’s data security and privacy team and co-chair of the trade secrets and employee mobility team. These companies, Prewitt says, have adequate resources to enhance materially their data security, and yet many continue to treat cybersecurity as a low-priority issue to be addressed internally by the IT department. Are middle-market companies in a state of denial?