More UK businesses are looking to work with third party cybers ecurity specialists, driven by the lack of cyber skills. Nearly 30 percent of UK organisations are either using or planning to use a managed security services provider (MSSP), according to the 2017Risk:Value report – which examines attitudes to risk and the value of information security – from NTT Security, the specialised security company of NTT Group. Comment from Kai Grunwitz, Senior Vice President EMEA, NTT Security.
A global study of 1,350 business decision makers, the Risk:Value report shows that attitudes are changing towards outsourcing a company’s IT security to a third party as cyber threats continue to evolve, stricter compliance measures come into force, and demands on in-house resources are stretched to their limit. According to the report, while only 6 percent of organisations in the UK are using a third party provider currently, 23 percent plan to use one. Another 29 percent say they might consider it in the future, although a minority (11 percent) say they plan to keep their security processes in-house.
Of those UK organisations using or planning to use an MSSP, nearly a third (31 percent) say it is because of a lack of internal skills and 27 percent want access to better technology. More than a quarter (28 percent) of respondents say it is more cost-effective to outsource, although the main reasons for using a third party are for support with data storage (40 percent) and data management (35 percent), as well as assisting with cloud migration projects (15 percent).
Kai Grunwitz, Senior Vice President EMEA, NTT Security, comments: “Many organisations are struggling with a lack of resources, coupled with trying to stay compliant and cope with an increasingly complex security landscape. As threats increase in both complexity and sophistication, corporate IT teams are unable to keep up, and quickly find they lack the skills and technology for early detection and response. Working with a third party security provider not only delivers round-the-clock access to specialist skills and knowledge, but also brings with it the very latest advanced threat detection and analytics technology and capabilities that would be impossible to have in-house without huge capital investment by the business.”
Of those not using a third party provider, around four in ten (43 percent) say do not want to share information with a third party, while a third (34 percent) have security concerns. More than a quarter (26 percent) say they are too expensive. Citing the forthcoming General Data Protection Regulation (GDPR) as a possible driver for companies working with third parties, Mr Grunwitz adds: “The deadline of May 2018 is not that far away, yet there are a lot of organisations that have still not grasped how important this is, or who think it doesn’t apply to them – perhaps because they’re not based in Europe or Brexit is coming. These are not valid reasons to push it under the carpet. This and the wider governance, risk and compliance (GRC) environment is a huge potential growth area for managed security services providers.”According to the NTT Security Risk:Value report, only 39 percent of companies in the UK have identified GDPR as a risk for them, the lowest figure for all of the European countries surveyed.
Forty-four percent of organisations worldwide (average across all countries) are using or planning to use an MSSP, with 6 percent currently using an MSSP and 38 percent planning to. 28 percent say they might consider it in the future. While 8 percent will never use a third party security provider. Switzerland and Hong Kong (on 12 percent each) are most likely to use a third party provider Sweden, Germany & Austria and Singapore (all 3 percent) are least likely.
Industry sector figures (global)
Financial services companies lead the way in using third parties, with one in ten already using a managed security services provider, while another 43 percent say they plan to use one. The report suggests that other sectors are set to close this gap, with more than half (51 percent) of business and professional services companies interested in bringing an MSSP on board, followed by computer services and technology (49 percent) and manufacturing companies (42 percent). Just 2 percent in Government use an MSSP, while 18 percent never plan to use one.
Commissioned by NTT Security, the 2017 Risk:Value report surveyed 1,350 non-IT business decision makers in the US, UK, Germany and Austria, Switzerland, France, Sweden, Norway, Hong Kong, Australia and Singapore. Organizations have more than 500 employees and were selected across a number of core industry sectors. Approximately a third of responses are from the financial services sector.