More UK firms are adopting managed security services to alleviate cyber security concerns.
According to a new study conducted by Pierre Audoin Consultants, as a global security skills shortage continues, firms are looking to external provision in order to lower costs and access the required expertise. Its survey of 230 people from both business and IT functions found that 21 per cent of companies use no external cyber security resources, 40 per cent buy in security expertise for specific projects, while 34 per cent use managed security services. 13 per cent outsource all their cyber security provision.
“Firms are between a rock and a hard place when it comes to cyber security provision,” said Duncan Brown, research director at PAC. “The double whammy of insufficient funds and a scarcity of skills appears to be driving organisations towards external resources, including outsourcing, even though there is a clear reluctance to do this.”
Instead, says Brown, firms will use a selective outsourcing model, picking the tasks and services that can be handed off to third parties. “This represents an entirely pragmatic approach. Organisations dislike losing visibility and control of processes, especially those that have a high risk profile such as cyber security,” he said.
“The increasingly pervasive nature of digitisation-enabled operating models, with vulnerabilities not just in the core organisation but its inter-connected supply chain and customers, makes cyber security a core business capability,” said Richard Preece, director at cybX.
“Cyber security should be approached as an enterprise-wide risk issue, rather than an IT concern. It’s positive to see that cyber is at the forefront of many organisations’ strategic risk register: however, there is still some work needed to change the perception of cyber being a ‘grudge’ security cost centre, to a more business-aligned strategy supporting aspects of organisational transformation and change to achieve business objectives.”
Darren Anstee, director of solutions architects at Arbor Networks, said: “What’s interesting here is the finding that around half of organisations are seeing an increase in security workload, with less than a half seeing budget increases to help deal with this. This illustrates why organisations need to focus on solutions which can speed up incident handling, improving the efficiency and effectiveness of security teams, rather than simply adding additional event generating layers to their defenses.”