VentureBeat: Why enterprises are massively subcontracting cybersecurity work

October 23, 2021

Enterprises increasingly are subcontracting cybersecurity responsibilities because they have trouble finding full-time qualified workers.

Originally published by VentureBeat.

NewtonX market research revealed this week that 56% of organizations surveyed subcontract as much as 25% of their cybersecurity work. In the study, more than 100 chief information security officers, CTOs, and other senior decision-makers indicated a trend toward subcontracting one of the most critical roles continually facing enterprise professionals.

“[Chief information security officers] and CIOs/CTOs are finding it extremely difficult to hire and retain qualified cybersecurity staff. As a result, they are forced to look elsewhere for talent,” said Sascha Eder, cofounder and CEO of NewtonX. “A surprisingly large percentage — 56% — of organizations are addressing the hiring crunch by subcontracting at least some portion of their cybersecurity teams, most often to managed service providers.”

Despite the fundamental importance of cybersecurity, 40% of organizations surveyed responded that cybersecurity costs amount to 10% to 15% of total IT budgets. Despite the dangers that data breaches pose, the percentages are actually in a consistent range, according to Eder. “The 10-15% range is consistent with a Deloitte study that found financial services institutions spent around 10% of the total IT budget on cybersecurity,” he said.

In addition, as a general rule, Eder suggested that the degree to which budgets have grown to address the rising cybersecurity threat is more important than the size of the budget itself.

Supplementing overstretched IT teams

Standout spending areas include cyber monitoring/operations and endpoint and network security, which accounted for 50% of total cybersecurity budgets. Yet only two-thirds of respondents saw increases in those budgets, ranging from as low as 5% to as high as 50%, while the remaining one-third stayed the same.

Based on the facts and forecasts, this indicates cybersecurity leaders still believe budgets fall woefully short when it comes to the momentous task of controlling and preventing cyberattacks. Because of this, in an attempt to avoid vulnerabilities, understaffed cybersecurity departments look to subcontracting as a means of supplementing their own cybersecurity teams.

VPN and DDoS attacks, which are expected to reach 11 million incidents by the end of 2021, the other influx of woes facing cybersecurity gatekeepers, and insufficient resources are all factors driving cybersecurity decision-makers to choose managed-service providers over in-house IT teams. CrowdStrike, Palo Alto Networks, and Microsoft were rated the leading managed-service cybersecurity providers in the NewtonX survey.

No budget for ransomware

Another reason security administration professionals may lie awake at night is the lack of budget for ransomware. “One interesting insight for us was how divided people are on laws restricting ransomware payments,” explained Patiwat Panurach, VP of strategic insights and analytics at NewtonX.

The survey showed that 39% of respondents agreed with proposed legislation limiting or banning such payments, while 26% disagreed.

“It’s not surprising, then, that 72% of companies polled don’t even have a ransomware budget, which just goes to show how much uncertainty there is about the impact of any such restrictions,” Panurach said.

Will regulators allow a ransom to be paid if the cost of not paying is a large, possibly politically damaging, disruption to high-profile services? Either way, firms should be increasingly vigilant as the volume of attacks continues to increase.
