Outsourcing cybersecurity: What services to outsource, what to keep in-house
The growing number and sophistication of threats that organizations face daily puts a bigger demand on cybersecurity. With roaming users accessing the network and data from everywhere, the challenges of protecting assets are even greater and require an increasing number of resources. To help solve some of these challenges, organizations are turning to managed security services providers (MSSPs) and other vendors for outsourcing a variety of security functions.
Various forecasts show the market for managed security services growing at double-digit rates. One report from Allied Market Research estimates the market to reach nearly $41 billion by 2022, based on a 16.6% compound annual growth rate between 2016 and 2022.
The evolving threat landscape is only one driver behind these trends. The shortage of security talent — estimated currently at more than 4 million by (ISC)2 — is also making it more challenging to both recruit and retain talent. Outsourcing allows an organization to shift the burden of providing security analysts and other workers to the managed services providers, while using the in-house staff for more strategic work.
A 2019 Deloitte survey of 500 C-level executives found that 99% of organizations outsourced some portion of cybersecurity operations. The most common percentage of outsourced services was 21-30% (identified by 44% of the execs). The survey also identified that the top four outsourced categories were security operations, vulnerability management...