Logpoint, a provider of Security Information and Event Management (SIEM) solutions, today revealed the findings from its European Cybersecurity Sector 2024 report which indicates the majority of UK businesses will soon be outsourcing their security operations. The survey of 1,762 senior decision makers and influencers in leadership, technology and security roles across Europe found that while 48% manage their security operations inhouse versus 52% who use a third party, more than a quarter (28%) of UK businesses intend to outsource over the course of the next two years.
For comparison, in France 65% take an inhouse approach while 35% outsource of which 24% intend to outsource, while in Germany 77% opt for inhouse and 23% outsource and 27% intend to do so, and in the Nordic region, 54% keep operations inhouse and 46% outsource with 14% intending to externalise. All of these markets are experiencing a swing in favour of outsourcing that will see the practice become equal to or outstrip inhouse provision. Key reasons given for the switch include the ability to benefit from external skills and knowledge, cost efficiencies linked to clear and predictable pricing, and effective security management which is likely to see a spur in demand for MSSPs (Managed Security Service Providers).
The main reason given for keeping security inhouse was utilising internal skills and knowledge which could well change as organisations struggle to recruit the necessary expertise due to the skills shortage. In fact, 60% of those that do outsource said this was because they were missing internal skills and knowledge and 48% said it was because they couldn’t recruit candidates with the requisite skills/knowledge. The ISC2 2024 Cybersecurity Workforce Study reveals that the UK has the widest workforce gap in Europe, having grown 27.1% over the course of the past year while at the same time its workforce has shrunk 4.9% due to layoffs and economic stagnancy, supporting the argument that a diminishing talent pool is contributing to the outsourcing trend.
Interestingly, almost a third (30%) said they outsource security management to a third party to shift accountability. Organisations are increasingly relying upon an MSSP to prove compliance or to satisfy the requirements of a cyber insurance provider. It’s a factor that could well prove an even bigger draw as compliance regulations such as NIS2 prioritise personal accountability and the need to maintain oversight of security processes and procedures. The main selection criteria for choosing an MSSP today is the quality of the service offering (46%), followed by the reputation of the provider (19%), price (12%), breadth (11%) and the ability of the customer to influence the technology used (9%).
“The burden of regulatory compliance coupled with the onus being placed on individual members of the board and senior management is driving demand for MSSP services. Using a third party can provide the organisation with access to the latest technology and skilled experts but also enables them to prove compliance through tailored solutions that can meet the requirements of specific regulations such as GDPR and NIS2,” said Innes Muir, Regional Manager, MSSPs, UK, EIRE and RoW, at Logpoint. “Going forward, the expectation is that more regulations, such as the Cyber Security and Resilience Bill, will follow suit and make accountability part and parcel of risk management and incident reporting, further driving the shift to outsourcing.”
The survey also questioned MSSPs to gain their perspective on what motivates customers to outsource. Reasons included the overall security benefits, external skills and knowledge, and availability of services 24×7, as well as cost efficiencies, trust and the offering of a centralised hub or portal. Transparent and predictable pricing was deemed more important than offering a lower cost solution, demonstrating that cost isn’t necessarily king even during an economic downturn.
The importance of the Channel was evident, with MSSPs naming technology partners, specialists and suppliers as their primary source of information when selecting security solutions. Selection is predominantly focused on the solution’s effectiveness in managing and mitigating security incidents (63%) and proven effectiveness (62%) but in third place was the ability of the solution to meet GDPR and local regulations (61%). This reflects the growing demand for solutions that not only comply but offer compliance-specific monitoring and reporting. Likewise, compliance was third on the list for those that manage their security inhouse (56%) behind proven effectiveness (61%) and ease of integration (59%).
The survey found compliance with these regulations was the number one factor for choosing a security solution from an MSSP in the UK for an overwhelming 93% of those questioned. Other key issues noted by 87% of respondents in each case were the ability to support growth/change, to keep pace with cybersecurity trends and technology, and the storage of data within the jurisdiction of the EU. Looking to the future, the survey revealed that MSSPs are also likely to look for bundled offerings from cybersecurity vendors with solutions that align with the flagship platform, with 94% expressing an interest in this type of offering.
Methodology
The research was conducted by B2B International with 1,762 senior decision makers and influencers in leadership, technology and security roles across France, Germany, the Nordics and the UK in August 2024. Survey participants comprised 57% B2B, 30% MSSPs and 14% CNI. B2B International abides by the ESOMAR principles and are also accredited by MRS Evidence Matters, Insights Association, American Marketing Association, Business Marketing Association, AQR, ADM and the BVM.
###
About Logpoint
Logpoint helps organisations and partners protect against cyber attacks and streamline security operations by combining sophisticated technology and a profound understanding of customer challenges. Logpoint’s threat detection, investigation, and response solution based on converged SIEM, UEBA, and SOAR technologies empowers European organisations to achieve security outcomes across any premise through high-quality data, continuously updated security content, flexible deployment options, and industry-best predictable licensing. Headquartered in Copenhagen, Denmark, Logpoint has a European foundation and is the only European SIEM vendor with a Common Criteria EAL3+ certification, demonstrating its strengthened focus on data protection and adherence to data and cybersecurity regulations. For more information, visit http://www.logpoint.com.