Outsourcing cybersecurity: What services to outsource, what to keep in-house

The growing need for outsourced cybersecurity

The growing number and sophistication of threats that organizations face daily puts a bigger demand on cybersecurity. With roaming users accessing the network and data from everywhere, the challenges of protecting assets are even greater and require an increasing number of resources. To help solve some of these challenges, organizations are turning to managed security services providers (MSSPs) and other vendors for outsourcing a variety of security functions.

Various forecasts show the market for managed security services growing at double-digit rates. One report from Allied Market Research estimates the market to reach nearly $41 billion by 2022, based on a 16.6% compound annual growth rate between 2016 and 2022.

DevOps Connect:DevSecOps @ RSAC 2022

The evolving threat landscape is only one driver behind these trends. The shortage of security talent — estimated currently at more than 4 million by (ISC)2 — is also making it more challenging to both recruit and retain talent. Outsourcing allows an organization to shift the burden of providing security analysts and other workers to the managed services providers, while using the in-house staff for more strategic work.

Trends in outsourcing

A 2019 Deloitte survey of 500 C-level executives found that 99% of organizations outsourced some portion of cybersecurity operations. The most common percentage of outsourced services was 21-30% (identified by 44% of the execs). The survey also identified that the top four outsourced categories were security operations, vulnerability management, physical security and awareness and training.

Cisco also found that outsourcing has increased significantly in 2019, compared to the previous year. Based on a survey of 2,800 IT decision makers, the company’s 2020 CISO Benchmark Study found that cost-efficiency is the top reason for outsourcing (identified by 55% of respondents), followed closely by the need for more timely response to incidents (53%).

Cybersecurity (Read more...)

*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Rodika Tollefson. Read the original post at: