Majority of Professional Services organisations grapple with underperforming cyber security providers

A significant 69% of Professional Service organisations admitted their cyber security provider is either underperforming and they’re looking to make changes (31%) or that there’s room for improvement (38%), according to new research by Threat Detection & Response provider, e2e-assure.

Having a solid cyber security defence strategy is of urgent importance for CISOs and cyber security decision makers in Professional Service organisations, with e2e-assure's study finding most (77%) have experienced a cyber attack. Despite this, only 1 in 5 (20%) would describe themselves as “resilient.”

Outsourcing is currently the most popular solution for Professional Service organisations when it comes to their cyber security operations (40%), compared with a hybrid approach (38%) or managing everything in house (17%). But with those in the sector citing control over their cyber security service as the most important factor when making decisions around their security environment (43%), providers need to ensure they are delivering ROI.

e2e-assure’s stats around provider performance suggest the need for a critical shift. The majority (57%) of CISOs in the sector state they are either unconfident that threat intelligence is being used as it has had no measurable positive impact (45%), or they know that threat intelligence has not been implemented to detect threats within their environment (12%). Most respondents also said that they don’t have flexible contracts (51%), transparent pricing (49%) or real-time visibility of dashboards (48%). In fact, over half (55%) don’t even feel they have client-centric delivery teams who care.

When asked about their top frustration, CISOs in Professional Services said long and complex contracts (40%) which restrict flexibility and agility and, therefore, the control this industry needs. Further pain points included escalating too many false positives (26%), equally matched by their provider not being proactive (26%) and poor SLA Response Times (26%).

Clearly, providers are unable to provide the control, clarity, speed, and flexibility required for an industry that deals with highly confidential and valuable data, such as personal identification and business records, while becoming increasingly digital-centric.

It comes as little surprise then, that when asked “When next procuring cyber security operations what will you be looking for?” 30% said they’ll be taking a hybrid approach and 22% would be bringing operations back in house. To also fill the gaps where current providers are falling short, 19% will be seeking specialist expertise in specific areas.

Evidently, providers are on the edge of a huge, missed opportunity when it comes to the Professional Services sector. To build trust and prove their commitment, closer collaboration and a better understanding of the customer’s environment is required.

Rob Demain, CEO of e2e-assure, said:

“Our study sets out to unveil the observations from CISOs and cyber security decision makers as to how their cyber security providers are performing, as criminals deploy increasingly advanced extortion techniques.

“With Professional Service organisations most commonly outsourcing their cyber security operations, but with nearly 70% saying that they’re underperforming, it’s clear that there is a need for a critical shift to ensure cyber defence providers are meeting the needs of organisations in 2024.”

With the findings highlighting the need for a shift in providers’ service offerings, the following key themes emerged for cyber defence rejuvenation in 2024:

1. Providers will need to prove their value

2. Contracts will need to be more commercially flexible

3. Service and tooling flexibility is a priority for organisations

4. Quality cyber defence needs to become more accessible to organisations of all sizes