Middle market businesses leaving themselves open to cyber-attacks