IT For CEOs & CFOs
News & Views
Outsourcing soars as cybersecurity skills gap widens
​
Widening skills gap and regulatory compliance fears are driving a growth in outsourcing as organizations seek to shift accountability, according to the latest findings from Logpoint’s European Cybersecurity Sector 2024 report.
In a survey of 1,762 senior decision makers and influencers in leadership, technology and security roles across Europe, 52% use a third party to manage their security operations, compared to 48% who manage inhouse. Across Europe, there has been an upswing in favour of outsourcing with the practice becoming equal to or outstripping inhouse provision. In the UK more than a quarter (28%) of UK businesses say the intend to outsource over the course of the next two years, while in France 65% take an inhouse approach while 35% outsource of which 24% intend to outsource. In Germany, 77% opt for inhouse and 23% outsource and 27% intend to do so; and in the Nordic region, 54% keep operations inhouse and 46% outsource with 14% intending to externalize.
Nearly a third (30%) of respondents say they are increasingly relying upon a Managed Security Service Provider (MSSP) to prove compliance or to satisfy the requirements of a cyber insurance provider – a factor for an overwhelming 93% of UK organizations. “The burden of regulatory compliance coupled with the onus being placed on individual members of the board and senior management is driving demand for MSSP services. “Using a third party can provide the organization with access to the latest technology and skilled experts but also enables them to prove compliance through tailored solutions that can meet the requirements of specific regulations such as GDPR and NIS2,” says Innes Muir, Regional Manager, MSSPs, UK, EIRE and RoW, Logpoint. “Going forward, the expectation is that more regulations, such as the Cyber Security and Resilience Bill, will follow suit and make accountability part and parcel of risk management and incident reporting, further driving the shift to outsourcing.”
Logpoint’s research also highlights the importance of the Channel with MSSPs naming technology partners, specialists and suppliers as their primary source of information when selecting security solutions. For 63% of respondents’ selection is predominantly focused on the solution’s effectiveness in managing and mitigating security incidents, with 62% citing proven effectiveness, while 61% say their selection relies upon the ability of the solution to meet GDPR and local regulations – reflecting the growing demand for solutions which not only comply but offer compliance-specific monitoring and reporting. Likewise, compliance was third on the list for those that manage their security inhouse (56%) behind proven effectiveness (61%) and ease of integration (59%).
The main reason given for keeping security inhouse was utilizing internal skills and knowledge which could well change as organizations struggle to recruit the necessary expertise due to the skills shortage. Of those that do outsource, 60% say this is because they were missing internal skills and knowledge within their organizations, with 48% adding that it was because they couldn’t recruit candidates with the requisite skills/knowledge. The ISC2 2024 Cybersecurity Workforce Study reveals that the UK has the widest workforce gap in Europe, having grown 27.1% over the course of the past year while at the same time its workforce has shrunk 4.9% due to layoffs and economic stagnancy, supporting the argument that a diminishing talent pool is contributing to the outsourcing trend.