Kaspersky’s annual IT Security Economics report revealed the complexity of cybersecurity solutions forced companies to outsource some functions to external InfoSec providers, as the latter have more relevant expertise and can manage the technologies more efficiently than company employees.
Kaspersky’s global research, conducted among IT decision-makers, found that 71% of British SMBs and corporations believe the most common reason to transfer certain IT security responsibilities to MSP/MSSP during 2022 was the efficiency in delivering cybersecurity that external specialists provided. Among other most frequently mentioned reasons companies also named scalability (64%), the need for special expertise (54%), the shortage of relevant experience in their organisations (36%) and the complexity of business processes (32%).
A considerable proportion of UK companies continue to face a shortage of personnel possessing the necessary technical, incident response, and governance skills required to effectively manage their cyber security. According to the Government’s cybersecurity skills in the labour market 2022 report, roughly 697,000 businesses (equivalent to 51%) lack the assurance to perform essential tasks outlined in the government-endorsed Cyber Essentials programme, whereas nearly 451,000 businesses (about 33%) suffer from more advanced skills gaps, primarily in domains like penetration testing, forensic analysis, and security architecture.
Regarding cooperation with MSP/MSSP, 75% of British companies stated that they usually work with two or three providers, while only 11% say they deal with more than four IT Security service suppliers a year.
“External specialists can either manage all the cybersecurity processes in a company or just deal with separate tasks. It usually depends on the size of the organization, its maturity, and management’s desire to be involved in information security tasks. For some small and medium-sized companies it can be reasonable not to hire a full-time specialist and transfer some of his functions to MSP or MSSP as it will be more profitable in terms of cost and efficiency. For large corporations, outside specialists usually mean extra hands to help their own cybersecurity teams deal with a large volume of work. However, it is important to understand that in any case the company should have basic knowledge of information security to be able to assess the outsourcers’ work properly.” - comments Konstantin Sapronov, Head of Global Emergency Response Team at Kaspersky.
To protect your company against sophisticated cyberattacks, even if it lacks security staff or internal specialists, Kaspersky recommends using managed protection services. Comprehensive Expert trainings also help IT security specialists to maintain relevant skills and to be best prepared for the cyber threat landscape.
To gain more insights about IT security costs and budgets in businesses in 2022 visit the interactive IT Security Calculator. The full report “IT Security Economics 2022” is available to download here