Part 2: Outsourced Service Providers

Small and medium-sized businesses often use outsourced cybersecurity providers to augment and extend their capabilities. This section explores how companies are using outsourced providers, along with trends and challenges.

Top Three Outsourced IT or Security Partners

The top outsourced IT or security partners respondents use are (respondents chose all that applied):

Q. Select all the types of outsourced IT/security partners you use:

 

76% spend $50,001 or more annually on outsourced security

7% spend less than $20,000 annually on outsourced security; 12% spend $20,001 to $50,000; 26% spend $50,001 to $100,000; 35% spend $100,001 to $250,000; and 15% spend more than $250,001. Finally, 5% don’t spend any, as they don't outsource security.

Overall, 76% spend $50,001 or more annually on outsourced security.

Q. How much do you spend annually on outsourced security?

More than $250,001 15%

$100,001 to $250,000 35%

$50,001 to $100,000 26%

$20,001 to $50,000 12%

Less than $20,000 7%

None - We don't outsource security 5%

Top Five Reasons to Outsource

The primary factors that influenced the decision to outsource security operations functions to a provider are:

Q. From the options listed below, what were the primary factors that influenced your decision to outsource security operations functions to an outsourced security provider?

Improved security posture with access to advanced security tools and technologies 49%

Cost-effectiveness compared to building and maintaining an in-house team 46%

Scalability and flexibility to adapt to changing business needs 46%

Ability to focus internal resources on core business functions 39%

Access to specialized expertise and technical skills 30%

Support in complying with industry regulations and standards, including CMMC 28%

Enhanced incident response capabilities with round-the-clock monitoring 10%

Top Five Outsourced Provider Challenges

While many are outsourcing, they’re not necessarily finding the results they expected. The greatest challenges they have experienced with their outsourced provider are:

Q. From the options listed below, what are the greatest challenges you have experienced with your outsourced provider?

Inconsistent quality of service 31%

Feels too expensive given the overall value delivered 30%

Limited support for compliance management, especially CMMC 26%

Lack of technical expertise or specialization 24%

Inadequate response time to security issues and incidents 23%

Lack of transparency on the work they are performing on the respondent’s behalf 21%

Not using the latest and greatest cybersecurity technologies to protect them 19%

Ineffective workflow and collaboration between the provider and internal staff 17%

I have no challenges with my current outsourced security provider 14%

None of the above 5%

52% will change their outsourced security provider

52% plan to make changes to their outsourced security provider in the next year. 48% will not.

Q. Do you plan to make changes to your outsourced security provider in the next 12 months?

Yes 52%

No 48%

38% plan to bring security in-house

For those who will make changes, 38% plan to bring security in-house, 33% will find a new outsourced provider, and 29% will do a combination of both.

Q. What best describes what you will do to replace them?

Bring security in-house 38%

Find a new outsourced provider 33%

Both of the above 29%

Top Service Provider Capabilities for Those Looking to Switch

Those wanting to find a new service provider say the following qualities and capabilities are most important (they chose all that applied):

Q. When evaluating a new outsourced security provider, what qualities and capabilities are most important to you?

Utilization of the latest technologies to offer robust protection against evolving threats 59%

Quality of the providers in terms of cybersecurity expertise and overall customer experience 50%

Swift, coordinated responses to security incidents to minimize potential damage 47%

Offering comprehensive cybersecurity coverage and capabilities from a single provider 46%

Expert knowledge in meeting the specific security standards of the DIB 44%

Clear, open channels of communication with transparent visibility into work being done on our behalf 39%

Guided assistance in achieving and maintaining compliance standards, including CMMC certification 15%

16% of those who do not outsource now plan to in the next year

Of those who replied above that they don’t outsource security, 16% plan to outsource security in the next 12 months, while 84% do not.

Q. Do you plan to outsource security in the next 12 months?

Yes 16%

No 84%

Top Service Provider Capabilities for First-Time Users

Among those who do not currently outsource but plan to in the next year, the qualities and capabilities most important when evaluating a new outsourced security provider include (they chose all that applied):

Q. When evaluating a new outsourced security provider, what qualities and capabilities are most important to you?

Offering comprehensive cybersecurity coverage and capabilities from a single provider 67%

Expert knowledge in meeting the specific security standards of the DIB 33%

Quality of the providers in terms of cybersecurity expertise and overall customer experience 33%

Swift, coordinated responses to security incidents to minimize potential damage 33%

Guided assistance in achieving and maintaining compliance standards, including CMMC certification 33%

Utilization of the latest technologies to offer robust protection against evolving threats 0%

Clear, open channels of communication with transparent visibility into work being done on our behalf 0%

Summary

Respondents are managing their cybersecurity programs through both in-house capabilities and outsourcing to MSSPs (52%), MDRs (45%), and MSPs (44%). Overall, 76% spend $50,001 or more annually on outsourced security.

Why are they outsourcing? The top reason is the opportunity to improve their security posture with access to advanced security tools and technologies — a reason that jumped from fourth last year to first this year. They’re also outsourcing for the cost-effectiveness compared to building and maintaining an in-house team and the need for scalability and flexibility to adapt to changing business needs — both in their top reasons last year.

Those who outsource do encounter challenges, the primary one being inconsistent quality of service, which jumped from fifth last year to first this year. Another challenge is that the service feels too expensive given the overall value delivered, which jumped from third last year to second this year.

Because of this (or other reasons), 52% will change their outsourced security provider in the next year and 38% plan to bring security in-house. Those looking to switch service providers are prioritizing someone who uses the latest technologies to offer robust protection against evolving threats.