
Rise in threats

It’s an understatement to say that 2020 was a challenging year for businesses. The COVID-19 pandemic has not only caused a seismic shift in the way that businesses operate, but it has also had a significant impact on staffing and resources. In December, official figures showed that unemployment had risen above 5% in October, representing more than 1.5 million people, but as the pandemic continues, experts are predicting that figure will increase to more than 2.6 million by the middle of 2021.

While businesses have had to make difficult sacrifices regarding their workforce, the threats from cyber-criminals never cease, and have increased since the pandemic began. In the first quarter of 2020, just as the pandemic began to take hold, the UN Security Council reported a 350% increase in the number of phishing scams, particularly targeting the healthcare sector.

Shortage of Cyber Skills and Budget

The good news is that most businesses recognise the threat and understand the need to improve their organizational risk posture. In fact, according to a 2020 paper from Accenture, almost 70% of all business leaders believe the risk from cybersecurity is increasing. They’re feeling increased pressure on the cyber arm of their business, having to consider investing more and more in terms of training, resources and security technology as the threat landscape continues to grow. That’s a problem for businesses, because their investment in internal cybersecurity is effectively never ‘complete’, making CFOs and those in charge of the budgets less willing to continuously invest money into it. This is compounded by the fact that ROI can be quite hard to measure in cybersecurity, particularly if reporting and analytics aren’t up to scratch.

Despite being aware of the threat, and showing a willingness to invest, more than 80% of employers have reported a dire shortage of cybersecurity skills within their organisation in the past year alone. This highlights the ever-widening skills gap in cybersecurity that makes it harder than ever before for businesses to find the in-house resources they need to defend themselves.

However, there is one way in which businesses can beat the ‘resource crunch’ presented by the skills gap while also remedying their concerns around endless in-house investment. The answer lies in forming trusted partnerships.

What are the benefits and risks of outsourcing the cybersecurity function?

There are numerous perks in developing trusted partnerships with security companies when compared with maintaining this capability in-house. These include, but are not limited to:

  • Access to a plethora of skilled, experienced, and specialist security professionals that are otherwise hard to employ given the cybersecurity skills shortage.
  • Efficiency in mobilization and a reduction in lengthy processes such as recruitment and on-boarding.
  • Access to security resources around the clock (dependent on the service), removing blockers on security experts only being available during core business hours.
  • Independent validation of your cybersecurity posture from skilled professionals removed from the build, deployment, and operational management of systems.
  • Advanced capabilities in threat detection, defensive technology suites, and practical knowledge that may otherwise require multiple internal resources.
  • Reduction in FTE overheads when compared to a team of full-time, permanent in-house resources whose skillset may not be required on a daily basis, e.g. cyber incident response.

Key Considerations

Organisations need to weigh a number of factors when considering outsourcing to support their security function. These may include:

  • Business objectives
  • Security requirements
  • Size and complexity of the business
  • Risk appetite
  • Resource availability
  • Type of skills shortage the organisation has
  • Volume and sensitivity of data held
  • Legal/regulatory requirements

There may also be an increased risk to the supply chain due to the outsourced partner gaining access to highly privileged accounts and information which, if compromised, would present a significant risk to the business. Conducting relevant due diligence and understanding the security posture of the outsourced company is, therefore, critical when considering the outsourcing of any security function.

Businesses also need to ensure that their security budgets are being stretched to their full capacity; something that’s very difficult to measure internally. According to Gartner, global spending on cybersecurity products is increasing and is likely to hit a staggering $170 billion in 2022, but what are the metrics for success when it comes to utilising these products? The good news is that there are a number of service providers who have the flexibility, skills, experience, and specialist capability to offer organisations a significant and clear return on their investment whilst improving their security posture through the use of outsourced security professionals.

Jake Bernardes, Head of Information Security at SingleStore and a SureCloud user, has also commented on SureCloud’s latest offering, stating: “This is a brilliant product/service & represents real value to those of us running complex programs with small teams!”

About SureCloud

SureCloud provides cloud-based Governance, Risk and Compliance products, and Cybersecurity & Risk Advisory services, which reinvent the way you manage risk. SureCloud connects the dots with Integrated Risk Management solutions, enabling you to make better decisions and achieve your desired business outcomes. SureCloud utilizes a highly configurable technology platform, which is simple, intuitive, and flexible. Unlike other GRC Platform providers, SureCloud is adaptable enough to fit your current business processes without forcing you to make concessions during implementation, meaning you get immediate and sustained value from the outset.
