A survey of more than 950 IT and security professionals finds just over a quarter of respondents (26 percent) work for organizations that consume managed security services.
Conducted by CDW, the survey notes that organizations are consuming some specific services, but the level of consumption of any of those services doesn’t rise about 25 percent of respondents.
Nevertheless, there is a clear need for additional help. More than two-thirds (68 percent) said they are managing somewhere between 10 to 49 security tools or platforms, with 40 percent noting it is either very (8 percent) or somewhat difficult (32 percent) to integrate these tools.
Opportunities and challenges for MSSPs
The survey results suggest that as cybersecurity evolves, there is a clear opportunity for managed security service providers (MSSPs) to help organizations shift toward a more platform-centric approach to cybersecurity. That approach should enable organizations to reduce the total cost of cybersecurity by rationalizing the number of tools they currently license. At the same time, a platform will expose additional capabilities that many organizations today lack the funds and expertise required to invoke.
However, the survey also finds that 27 percent are experiencing budgetary challenges as they seek to maintain cybersecurity. A quarter of respondents (25 percent) report their cybersecurity teams are understaffed. Additionally, 45 percent attributed the majority of their stress stems from staffing issues. Overall, 41 percent said they were either very or somewhat stressed by their cybersecurity responsibilities.
Just under half (49 percent) shared they feel their organization is very prepared to respond to a cybersecurity incident, with another 32 percent feeling somewhat prepared. Network monitoring (89 percent), data security tools (87 percent), and encryption (85 percent) rank as the capabilities that respondents have the most confidence in. A full 88 percent said they are either somewhat (38 percent) or very confident (50 percent) that they have sufficient visibility into cybersecurity, with 61 percent noting they consider identity access management (IAM) an effective method for attaining that visibility.
Adapting to evolving cybersecurity needs
Furthermore, 43 percent state their organization has experienced a security breach that cost the organization somewhere between $1 million and $10 million as a result of downtime. Another 8 percent said an incident cost their organization more than $10 million.
A total of 61 percent also noted they insurance policy requirements now also heavily influence their organization’s cybersecurity strategy. Just under a third (29 percent) also noted the executive responsible for cybersecurity reports to the CEO.
It’s apparent that as cybersecurity continues to evolve the needs of organizations are changing in ways that will require most MSSPs to make some adjustments. For example, more organizations (41 percent) report they are in the advanced stages of implementing zero-trust policies, with another 12 percent claiming to have reached an advanced state of maturity.
MSSPs should also make note of the fact that there is a lot more focus on cyber resiliency as organizations come to terms with the fact one or more breaches are all but inevitable.
Rather than focusing on specific tools, MSSPs need to present customers with a holistic approach to managing cybersecurity if they hope to continue expanding the total addressable market for their services. After all, organizations are a lot more interested in solving their cybersecurity problems than they necessarily are in all the technical details that are being mastered to resolve them.
Photo: Khakimullin Aleksandr / Shutterstock
