Shift toward consuming cybersecurity-as-a-service accelerates

A survey of 250 IT and cybersecurity professionals at organizations that generate more than $100 million revenue suggests there is a lot more interest in buying cybersecurity than there is in building and maintaining cybersecurity platforms.

Conducted by CITE Research on behalf of Cribl, a provider of a platform for routing data, the survey finds that despite economic headwinds, 95 percent will increase investments in cybersecurity, with nearly two-thirds of respondents (62 percent) planning on buying versus building.

The survey also finds that just over half (54 percent) plan to invest in automation across infrastructure and cybersecurity (54 percent). However, well over a third (36 percent) plan to reduce budgets for staffing and training even as the size of the overall attack surface is expanding. That shift suggests many organizations will rely more on external expertise.

MSPs are redefining the delivery of cybersecurity

Growing interest in depending more on cybersecurity services that can be easily consumed is occurring at a time when the platforms used to deliver those capabilities are evolving. Historically, many managed security service providers (MSSPs) have built their own security operations centers (SOCs). Now it’s become increasingly easier to resell SOC services provided by either another MSSP or a vendor.

At the same time, many MSPs are redefining how cybersecurity services are being provided to go well beyond the delivery of alerts. Extended Managed Detection and Response (XDR) solutions have been rolled out to better secure everything from endpoints at the network edge to cloud services. And regardless of how those services are delivered, the scope has expanded considerably.

Growth in AI is driving need for external expertise

The challenge is that while there are plenty of examples of organizations that rely on these services, the bulk of organizations still depend heavily on internal cybersecurity teams that work closely with IT operations teams to manage cybersecurity. The rise of artificial intelligence (AI), however, is likely to finally force organizations to rely less on internal teams.

The reason for this has little to do with the cybersecurity acumen of those teams. Rather, the cost of training AI models to help thwart cybersecurity attacks is beyond the means of most organizations. Massive amounts of data need to be collected and parsed to create AI models. Most organizations don’t have access to enough data to accomplish that task. Even if they did, the chances they have data scientists that understand the nuances of cybersecurity data are slim to none. As the attack vectors change, those AI models also need to be continuously updated.

Cybercriminals, meanwhile, are gaining access to new classes of generative AI services that will make it possible for them to launch wave of cyberattacks that will be increasingly difficult without the aid of countervailing AI platforms to detect. In effect, the entire cybersecurity sector is now involved in an AI arms race. IT leaders that think for a second their organization will survive that onslaught without relying more on external cybersecurity services are only fooling themselves.

There are, of course, more than a few MSPs that also lack the resources required to build and maintain these models.  Chances are good that there will be some level of consolidation as the bar for providing effective cybersecurity services continues to rise. The overriding issue of the moment is determining who best to ally with today to ensure continued relevance tomorrow.

Photo: Gorodenkoff / Shutterstock