Alongside the rapid adoption of AI tools and the acceleration of digital attack capabilities, the gap between the sophistication of attackers and the defensive capacity of mid-market organizations has widened significantly. These businesses now operate in advanced technological environments: cloud infrastructure, SaaS applications, remote work models, and complex identity frameworks, yet often rely on small internal security teams or outsourced IT providers. As is often the case during periods of rapid technological transformation, organizations without the appropriate operational framework are disproportionately exposed.
Most cyber security solutions in the market - whether developed by global vendors or startups, are primarily designed for large enterprise environments such as multinational banks with hundreds of thousands of employees and highly complex infrastructures. As a result, smaller firms have frequently lacked solutions tailored to their specific operational realities.
To address this gap, Ro’ee Margalit (CEO) and Avidan Barak (CTO) founded Rotate. Having spent years in cyber security and AI - and previously worked together in leading technological military units, the two identified the disparity between the sophisticated security architectures available to enterprise organizations and the reality faced by smaller players operating in the same cloud environments but without dedicated security teams.
“We saw how advanced technologies were being used to build complex offensive campaigns,” says Margalit. “The question was how to bring a comparable level of sophistication to the defense of smaller organizations.”
Rotate developed a unified platform that views the workspace as a single ecosystem, integrating email, identities, cloud applications, endpoints, and remote access under one management layer. By correlating events across these domains and identifying anomalies in real time, the platform enables effective protection even for organizations without extensive security infrastructure.
The data underscores the shift. According to Check Point data, the second half of 2025 saw a 36% global increase in attack attempts targeting this sector, while attack levels against large enterprises remained relatively stable. It is the acceleration in pace, rather than the absolute volume alone, that signals a structural change in threat patterns.
According to Margalit, the primary driver is AI’s impact on the economics of attack. “When automated and highly personalized campaigns can be generated at scale, there is no longer a need for attackers to focus exclusively on large enterprises,” he explains. “Organizations with hundreds or even a few thousand employees become viable targets.”
Today, approximately 43% of cyber attacks are directed at this segment – which typically does not employ a dedicated CISO and often lacks continuous monitoring capabilities. At the same time, 62% of these businesses have experienced communication with malicious websites, and 34% have faced attempted exploitation originating outside their organizational network. While large corporations may absorb such incidents as part of routine operations, for smaller organizations these events accumulate into operational strain that is difficult to manage without centralized visibility.
A central element of the company’s strategy has been working through managed IT and security service providers, who oversee multiple clients simultaneously. “Most small businesses do not purchase cyber security solutions directly from vendors,” Margalit notes. “They work through external providers, so it was critical to enable centralized management of thousands of organizations without requiring complex infrastructure for each one.”
Joining Check Point enables expansion at a global scale. “The goal was to make unified protection accessible to a much broader audience,” says Margalit. “Reaching millions of organizations requires international reach and a comprehensive platform.”
“SMBs are not marginal to the economy,” he concludes. “Their level of protection should reflect their level of exposure.”