Skills gap leads enterprises to outsource cybersecurity
A new survey of over 1,700 senior decision makers and influencers in leadership, technology and security roles across Europe finds that 48 percent manage their security operations in house compared to 52 percent who use a third party.
The study from Logpoint finds more than a quarter (28 percent) of UK businesses intend to outsource security over the course of the next two years.
There are geographical differences, in France 65 percent take an in-house approach while 35 percent outsource of which 24 percent intend to outsource, while in Germany 77 percent opt for in house, 23 percent outsource and 27 percent intend to do so. In the Nordic region, 54 percent keep operations in house and 46 percent outsource with 14 percent intending to externalize. All of these markets though are experiencing a swing in favor of outsourcing that will see the practice become equal to or outstrip in house provision.
The main reason given for keeping security in house is utilizing internal skills and knowledge which could well change as organizations struggle to recruit the necessary expertise due to the skills shortage. In fact, 60 percent of those that do outsource say this is because they are missing internal skills and knowledge and 48 percent say it’s because they couldn't recruit candidates with the required skills/knowledge.
Interestingly 30 percent say they outsource security management to a third party to shift accountability. Organizations are increasingly relying on an MSSP to prove compliance or to satisfy the requirements of a cyber insurance provider. It's a factor that could prove an even bigger draw as compliance regulations such as NIS2 prioritize personal accountability and the need to maintain oversight of security processes and procedures.
"The burden of regulatory compliance coupled with the onus being placed on individual members of the board and senior management is driving demand for MSSP services. Using a third party can provide the organization with access to the latest technology and skilled experts but also enables them to prove compliance through tailored solutions that can meet the requirements of specific regulations such as GDPR and NIS2," says Innes Muir, regional manager, MSSPs, UK, EIRE and RoW, at Logpoint. "Going forward, the expectation is that more regulations, such as the Cyber Security and Resilience Bill, will follow suit and make accountability part and parcel of risk management and incident reporting, further driving the shift to outsourcing."
Compliance with regulations is the number one factor for choosing a security solution from an MSSP in the UK for an overwhelming 93 percent of those questioned. Other key issues noted by 87 percent of respondents in each case are the ability to support growth/change, to keep pace with cybersecurity trends and technology, and the storage of data within the jurisdiction of the EU.
You can find out more on the Logpoint site.
Image credit: tashatuvango/depositphotos.com