November 29, 2023

Four in ten companies plan to outsource cybersecurity

Company bosses are boosting their cybersecurity following an alarming increase in cyberattacks, a new study commissioned by Kaspersky has found. The data shows that more than three quarters (77%) of companies suffered at least one cyber incident in the last two years. One of the main reasons cited was the shortage of qualified IT security staff (18%). Among other measures to strengthen cybersecurity, 41% of respondents claimed that their companies plan to invest in outsourcing cybersecurity in the next 12 to 18 months.

Kaspersky conducted a study[1] to learn the opinions of IT Security professionals working for SMEs and corporations worldwide regarding the impact people have on cybersecurity in a company. The survey gathered information about various groups of people who influence cybersecurity, looking at both internal staff, and external actors. It also analyzed levels and types of online safety company bosses believed warranted investment.

In the study, more than three quarters (77%) of respondents reported that their company had experienced cybersecurity incidents within the last two years, with 75% of these judged as ‘serious’. Some said the main reasons for cyber incidents occurring in their company were a lack of necessary tools for threat detection (18%) and a shortage of internal IT security staff (18%).

The respondents indicated that a variety of measures would be appropriate to address cybersecurity gaps, and among them 24% said they would like to see more external specialists brought in. And it appears company investment plans are well in line with their expectations. One quarter of organizations (25%) plan to invest in third-party professional services, and as many as 23% of respondents are aiming to outsource their cybersecurity to MSP/MSSP (Managed Service Providers/Managed Security Service Provider). The most likely industries to invest in third-party services in the near future are critical infrastructure, energy and oil & gas companies.

At the same time, many organizations plan to invest in automation of their cybersecurity processes. In the next 12 months almost half of businesses globally (45%) have concrete plans to implement software that automatically manages their cybersecurity, while 20% are discussing the subject.

Is your company considering the implementation of software tools that automatically manage parts of your cybersecurity?

“The automation and outsourcing of cybersecurity tasks are major areas that organizations struggling because of a lack of experts and alert fatigue can focus on. Turning to external experts, — whether it’s outsourcing, to manage the whole cybersecurity system, or adopting expert-level services to assist the IT Security department — is the optimal solution for many. Cybersecurity vendors, Managed Service Providers, Managed Security Service Providers are the companies that have relevant expertise, all the necessary tools, and can manage cybersecurity effectively for customers of any size. Additionally, they can provide the customer with various options, such as Managed Detection and Response services, where SOC experts continuously carry out monitoring, or assistance in case of emergency like investigating a particular incident. Automation tools provided by cybersecurity vendors is another way an organization can strengthen its cybersecurity. For example, our XDR and MDR has out-of-the-box automation through investigation and response playbooks and embedded AI, enabling clients and partners to significantly automate their information security processes. With all possible options provided by experts, each company can determine the scope of services that are needed, based on cybersecurity gaps or desired development trajectory,” comments Ivan Vassunov, VP, Corporate Products at Kaspersky.

The full report and more insights on the human impact on cybersecurity in business are available via the link.

To cope with a shortage of tools or IT Security employees in-house, Kaspersky recommends:

Make use of the expertise offered by managed security providers offerings. For example, Kaspersky Managed Detection and Response raises the overall protection level of an organization by monitoring of telemetry coming from the company's IT network 24/7, and helps with the development of in-house processes and best practices while following the incident response guidelines provided by Kaspersky experts. Additionally, the AI assistant in MDR automatically handles about half of all security alerts to ensure maximum protection.
Implementing Kaspersky Professional Services optimizes the workload of a struggling IT department. Kaspersky experts assess the state of your current IT security, then deploy and configure Kaspersky software quickly and properly to ensure hassle-free ongoing performance. AndKaspersky Premium Support speeds up and boosts the efficiency of any Kaspersky-based IT security infrastructure.
For SMBs that lack the budget to purchase some cybersecurity products and hire dedicated IT security professionals, just one IT administrator (even part time or outsourced) is enough to easily manageKaspersky Endpoint Security Cloud through a console with numerous automated scripts.
Invest in cybersecurity trainings so your current IT security specialists’ skills are always up-to-date and equipped to handle anything the cyber threat landscape throws at your organization. Kaspersky Cybersecurity for IT Online training helps build up simple yet effective IT security best practices and simple incident response scenarios for general IT administrators. And Kaspersky Expert Training equips your security team with the latest knowledge and skills to manage and mitigate threats, protecting your organization from even the most sophisticated attacks.

[1] The survey was conducted across 19 countries: Brazil, Chile, China, Colombia, France, Germany, India, Indonesia, Japan, Kazakhstan, Mexico, Russia, Saudi Arabia, South Africa, Spain, Turkey, UAE, UK and USA.