In the face of WannaCry, NotPetya and numerous other high-profile data breaches, European businesses are seriously re-evaluating how they manage their cybersecurity. They are looking for solutions that succeed in safeguarding critical data, but also serve all their other business and IT needs. There are still barriers to overcome and buyers will need to to be convinced if they are to part with cash for that initial managed security services provider (MSSP) adoption.
Rising cybercrime, digital disruption and increased compliance demands are threatening the stability of businesses across Europe. Dealing with cybercrime alone is a challenge, but as businesses look for a competitive edge through digitisation, and with the General Data Protection Regulation (GDPR) just over the horizon, many are looking for outside help.
Increasingly, that help comes in the form of an MSSP. For some areas of an organisation, particularly in the UK where outsourcing has long been practiced, it might come as a surprise that MSSPs are still seen as a relatively new concept and one that's still treated with suspicion by security chiefs. The issues are trust and control -- handing over the security keys of a business is not something to be taken lightly.
However, there has been a clear growth in MSSP adoption across Europe as the triple pressures of cybercrime, skills shortages and compliance begin to take their toll on under-pressure IT departments and boardrooms fret about the business impact of data breaches. So outside help is being sought, but that doesn't mean that any MSSP is going to get an easy ride.
Recent Reliance acsn research highlighted that 66% of European businesses are already using an MSSP, with a further 24% planning to invest. The remaining 10% are in the process of evaluating the prospect. This demonstrates that across the board industry sectors are putting aside their reservations about using an outsourced security service. That said, the results within the sectors show that there's still some reluctance to accept the idea of fully outsourced security.
We can see that the idea of outsource is catching on, but there is still some way to go before end users completely trust an MSSP to manage security. As a result, 53% are at an early stage of planning, with only 12% at an advanced stage.
The results show the trends they are most concerned about also tend to be the drivers of change and innovation across European businesses, and confirm the feeling that the better things get in terms of digital transformation, the worse they get for security. Mobile (74%), cloud (67%) and IoT (58%) were the most frequently mentioned concerns in our report, while other major IT trends such as digital transformation (50%) and shadow IT (34%) were also frequently mentioned. These results give a reflection of what end users are thinking about and dealing with right now.
Client organisations have a mixed view of the benefits that an MSSP can provide, and different parts of the organisation have different expectations. The board looks initially to save money, whereas security teams look for help and technology that they cannot deliver in-house. An MSSP is not for life, or even for a whole organisation. Businesses are taking a pick-and-mix approach, and even taking some functions back in-house. In an age of pay-as-you go cloud and SaaS, MSSPs need to be flexible in terms of outlook and delivery, and agile enough in the face of frequent policy changes and new threats.
Michael Clifford is the managing director at Reliance acsn
