Solid protection against cyber threats is an urgent priority for firms, with an increasing number of businesses grappling with ransomware attacks. In fact, e2e-assure’s research shows that the vast majority (75%) of CISOs and cyber security decision-makers have experienced a cyber attack, and the frequency of breaches doesn’t appear to be slowing down. In fact, according to recent research by GOV.UK, a fifth of businesses said they had experienced breaches or attacks at least once a week in the last 12 months.
Despite mid-sized companies being the most likely to outsource their cyber operations (57%), the research shows that they fare the worst in comparison to enterprises. 47% report that their provider is underperforming compared with 37% of enterprises. Perhaps as a result, only 22% of mid-sized firms believe they are resilient.
62% of mid-market companies said they don’t have flexible contracts that can adapt the scope of the original contract signing, compared with 46% of enterprises. A further 66% of mid-sized companies said they did not have transparent pricing from their provider, compared with 44% of large organisations.
The survey also found services are less likely to be personalised for mid-sized organisations, with 57% of these less likely to have client-centric delivery teams compared with 50% of enterprises. Over half (58%) of mid-sized organisations said they were not benefitting from tooling than can be tailored to their specific business needs, compared with 50% of enterprises.
This means mid-sized organisations are ultimately not benefiting from the same degree of specialist expertise as enterprise organisations, putting them at a potential higher risk of compromise.
Rob Demain, CEO of e2e-assure, said:
“Our report set out to unveil the observations from CISOs and decision-makers as to how their security operations are performing as 2023 continues to prove a monumental year for cyber crime.
“With mid-sized organisations the most prominent outsourcers in our study, but with the majority stating that they’re unhappy with their current support, it’s clear that there is an integral need for a shift in both the service and commercial offerings from cyber security providers to better support mid-sized companies to protect themselves against breaches.”
However, with nearly a third (29%) of mid-sized companies stating that they will be looking for an outsourced provider when they next procure their security operations, it’s clear there is an appetite from cyber security professionals to pass more responsibility on.
With the findings highlighting the need for a shift in the service offerings from providers, five key themes emerged for cyber defence rejuvenation in 2024:
1. Providers will need to prove their value
2. Security teams will relinquish more control to trusted providers
3. Contracts will need to be more commercially flexible
4. Service and tooling flexibility is a priority for organisations
5. Quality cyber defence needs to become more accessible to organisations of all sizes