UK Businesses Are Turning to MSSPs for Security Solutions

0
230

Most UK businesses will soon be outsourcing their security operations, according to findings from Logpoint’s European Cybersecurity Sector 2024 report.  

The survey of 1,762 senior decision makers and influencers in leadership, technology and security roles across Europe found that while 48% manage their security operations inhouse versus 52% who use a third party, 28% of UK businesses intend to outsource over the course of the next two years. 

For comparison, in France 65% take an inhouse approach while 35% outsource of which 24% intend to outsource, while in Germany 77% opt for inhouse and 23% outsource and 27% intend to do so, and in the Nordic region, 54% keep operations inhouse and 46% outsource with 14% intending to externalise. 

All these markets are experiencing a swing in favour of outsourcing that will see the practice become equal to or outstrip inhouse provision. Key reasons given for the switch include the ability to benefit from external skills and knowledge, cost efficiencies linked to clear and predictable pricing, and effective security management which is likely to see a spur in demand for managed security service providers (MSSPs).

The main reason given for keeping security inhouse was utilising internal skills and knowledge, which could well change as organisations struggle to recruit the necessary expertise due to the skills shortage. In fact, 60% of those that do outsource said this was because they were missing internal skills and knowledge and 48% said it was because they couldn’t recruit candidates with the requisite skills/knowledge. 

Interestingly, 30% said they outsource security management to a third party to shift accountability. Organisations are increasingly relying upon an MSSP to prove compliance or to satisfy the requirements of a cyber insurance provider. It’s a factor that could prove an even bigger draw as compliance regulations such as NIS2 prioritise personal accountability and the need to maintain oversight of security processes and procedures. The main selection criteria for choosing an MSSP today is the quality of the service offering (46%), followed by the reputation of the provider (19%), price (12%), breadth (11%) and the ability of the customer to influence the technology used (9%). 

“The burden of regulatory compliance coupled with the onus being placed on individual members of the board and senior management is driving demand for MSSP services,” said Innes Muir, regional manager, MSSPs, UK, EIRE and RoW, at Logpoint. “Using a third party can provide the organisation with access to the latest technology and skilled experts but also enables them to prove compliance through tailored solutions that can meet the requirements of specific regulations such as GDPR and NIS2. 

“Going forward, the expectation is that more regulations, such as the Cyber Security and Resilience Bill, will follow suit and make accountability part and parcel of risk management and incident reporting, further driving the shift to outsourcing.”

The survey also questioned MSSPs to gain their perspective on what motivates customers to outsource. Reasons included the overall security benefits, external skills and knowledge, and availability of services 24×7, as well as cost efficiencies, trust and the offering of a centralised hub or portal. Transparent and predictable pricing was deemed more important than offering a lower cost solution, demonstrating that cost isn’t necessarily king even during an economic downturn.

The importance of the channel was evident, with MSSPs naming technology partners, specialists and suppliers as their primary source of information when selecting security solutions. Selection is predominantly focused on the solution’s effectiveness in managing and mitigating security incidents (63%) and proven effectiveness (62%) but in third place was the ability of the solution to meet GDPR and local regulations (61%). This reflects the growing demand for solutions that not only comply but offer compliance-specific monitoring and reporting. Likewise, compliance was third on the list for those that manage their security inhouse (56%) behind proven effectiveness (61%) and ease of integration (59%).

The survey found compliance with these regulations was the number one factor for choosing a security solution from an MSSP in the UK for 93% of those questioned. Other key issues noted by 87% of respondents in each case were the ability to support growth/change, to keep pace with cybersecurity trends and technology, and the storage of data within the jurisdiction of the EU. 

Looking to the future, the survey revealed that MSSPs are also likely to look for bundled offerings from cybersecurity vendors with solutions that align with the flagship platform, with 94% expressing an interest in this type of offering.