Outsourcing Security Without Increasing Risk

The growing number of cybersecurity incidents and wave of data privacy laws and regulations is behind the current boost in demand for cybersecurity. Consider a recent survey from management consulting firm McKinsey that forecasts a 13% annual increase in cybersecurity spending through at least 2025.

The challenges are clear. At this breakneck pace, how do security practitioners ensure they spend their cybersecurity budgets wisely? And with the competition for cybersecurity talent, how do they attract and hire the talent necessary to get the job done? For many enterprises, the answer is increasingly clear: outsourcing.

According to the "2022 Deloitte Global Outsourcing Survey," only 52% of the surveyed executives thought their organizations were adequately prepared to defend against modern-day security challenges. That underlying discomfort with the status quo is perhaps why 81% of executives said they used outside vendors to fulfill their cybersecurity demands. Similarly, in Dark Reading's recent "Outsourcing Security Without Inviting Risk and Wasting Money" report, security leaders indicated that the difficulty for most enterprises isn't deciding whether to outsource. Rather, it's deciding what to outsource and how to do so cost-effectively, while capturing the most risk reduction for their businesses.

Read the report to learn what dozens of experts had to say about what enterprises must do now to successfully outsource cybersecurity functions without inviting increased risk or wasting money. For instance, Barry Keaton, director of managed defense at Google Cloud, says organizations must evaluate their internal resources and determine whether outsourcing is a viable way to fill gaps.

Organizations should ask themselves the following questions: Does the organization have the necessary expertise to monitor and investigate alerts and proactively hunt for attackers across the organization? Does the team have the insights to understand which threats matter most and prioritize response effectively? And is the cybersecurity stack modern and scalable enough to keep up with new and emerging threats?

Keaton and others explain how enterprises must balance cybersecurity costs, scalability, and the level of control desired against their in-house resources. They should also look for strategic areas where outsourcing can save money and improve security outcomes. The key is learning how to balance high-priority and sensitive cybersecurity initiatives that may be better served in-house, while turning to service providers when they need specialized services and outperforming staffers.