UK businesses set to outsource security operations

MSSPs identify regulatory compliance as additional factor as organisations seek to shift accountability.

  • 3 days ago Posted in

Logpoint has revealed the findings from its European Cybersecurity Sector 2024 report which indicates the majority of UK businesses will soon be outsourcing their security operations. The survey of 1,762 senior decision makers and influencers in leadership, technology and security roles across Europe found that while 48% manage their security operations inhouse versus 52% who use a third party, more than a quarter (28%) of UK businesses intend to outsource over the course of the next two years.

For comparison, in France 65% take an inhouse approach while 35% outsource of which 24% intend to outsource, while in Germany 77% opt for inhouse and 23% outsource and 27% intend to do so, and in the Nordic region, 54% keep operations inhouse and 46% outsource with 14% intending to externalise. All of these markets are experiencing a swing in favour of outsourcing that will see the practice become equal to or outstrip inhouse provision. Key reasons given for the switch include the ability to benefit from external skills and knowledge, cost efficiencies linked to clear and predictable pricing, and effective security management which is likely to see a spur in demand for MSSPs (Managed Security Service Providers).

The main reason given for keeping security inhouse was utilising internal skills and knowledge which could well change as organisations struggle to recruit the necessary expertise due to the skills shortage. In fact, 60% of those that do outsource said this was because they were missing internal skills and knowledge and 48% said it was because they couldn’t recruit candidates with the requisite skills/knowledge. The ISC2 2024 Cybersecurity Workforce Study reveals that the UK has the widest workforce gap in Europe, having grown 27.1% over the course of the past year while at the same time its workforce has shrunk 4.9% due to layoffs and economic stagnancy, supporting the argument that a diminishing talent pool is contributing to the outsourcing trend.

Interestingly, almost a third (30%) said they outsource security management to a third party to shift accountability. Organisations are increasingly relying upon an MSSP to prove compliance or to satisfy the requirements of a cyber insurance provider. It’s a factor that could well prove an even bigger draw as compliance regulations such as NIS2 prioritise personal accountability and the need to maintain oversight of security processes and procedures. The main selection criteria for choosing an MSSP today is the quality of the service offering (46%), followed by the reputation of the provider (19%), price (12%), breadth (11%) and the ability of the customer to influence the technology used (9%).

“The burden of regulatory compliance coupled with the onus being placed on individual members of the board and senior management is driving demand for MSSP services. Using a third party can provide the organisation with access to the latest technology and skilled experts but also enables them to prove compliance through tailored solutions that can meet the requirements of specific regulations such as GDPR and NIS2,” said Innes Muir, Regional Manager, MSSPs, UK, EIRE and RoW, at Logpoint. “Going forward, the expectation is that more regulations, such as the Cyber Security and Resilience Bill, will follow suit and make accountability part and parcel of risk management and incident reporting, further driving the shift to outsourcing.”

The survey also questioned MSSPs to gain their perspective on what motivates customers to outsource. Reasons included the overall security benefits, external skills and knowledge, and availability of services 24x7, as well as cost efficiencies, trust and the offering of a centralised hub or portal. Transparent and predictable pricing was deemed more important than offering a lower cost solution, demonstrating that cost isn’t necessarily king even during an economic downturn.

The importance of the Channel was evident, with MSSPs naming technology partners, specialists and suppliers as their primary source of information when selecting security solutions. Selection is predominantly focused on the solution’s effectiveness in managing and mitigating security incidents (63%) and proven effectiveness (62%) but in third place was the ability of the solution to meet GDPR and local regulations (61%). This reflects the growing demand for solutions that not only comply but offer compliance-specific monitoring and reporting. Likewise, compliance was third on the list for those that manage their security inhouse (56%) behind proven effectiveness (61%) and ease of integration (59%).

The survey found compliance with these regulations was the number one factor for choosing a security solution from an MSSP in the UK for an overwhelming 93% of those questioned. Other key issues noted by 87% of respondents in each case were the ability to support growth/change, to keep pace with cybersecurity trends and technology, and the storage of data within the jurisdiction of the EU. Looking to the future, the survey revealed that MSSPs are also likely to look for bundled offerings from cybersecurity vendors with solutions that align with the flagship platform, with 94% expressing an interest in this type of offering.

Ransom attacks in the cloud are a perennially popular topic of discussion in the cloud security...
Talent and training partner, mthree, which supports major global tech, banking, and business...
Cloud-native organisations to gain full understanding over every identity in the cloud, secured...
Orange Business (Norway), a global leader in digital services, has selected ARMO’s advanced...
Gigamon and Exclusive Networks have expanded their existing distribution partnership, broadening...
Trustwave and Cybereason have announced a definitive merger agreement offering a comprehensive and...
FortiDLP’s unified approach to data protection enables enterprise organizations to anticipate and...
On average, only 48% of digital initiatives meet or exceed business outcome targets, according to...