SecurityBrief Asia - Technology news for CISOs & cybersecurity decision-makers
Story image
Cybersecurity providers failing most professional services firms
Fri, 29th Mar 2024

Almost 70% of professional services organisations are struggling with underperforming cyber security providers, according to new research by cyber security provider, e2e-assure. The report further reveals that only one in five (20%) of such organisations would describe themselves as resilient.

The study discovered that 77% of Professional Service firms have had an experience with cyber attacks, underscoring the urgent need for effective cyber security defences. Despite this, these organisations are grappling with inadequate protection from their providers.

The approach that the majority of Professional Service organisations currently adopt in dealing with their cyber security operations is outsourcing (40%). However, with 43% of the sector citing control over their cyber security service as a significant factor in decision-making processes around their security environment, providers may need to rethink their strategy to ensure they are delivering value for money.

However, e2e-assure's data suggests that this trust is not being reciprocated, with 57% of the Chief Information Security Officers (CISOs) in the sector expressing dissatisfaction. These security professionals are uncertain about the efficacy of threat intelligence, either due to a lack of measurable positive impact (45%) or because it doesn’t get employed for detecting threats within their environment (12%). Additionally, many respondents complained about inflexible contracts (51%), unclear pricing (49%) and lack of real-time visibility of dashboards (48%).

According to the CISOs in the Professional Services sector, their primary frustration arises from lengthy and complex contracts (40%), which restrict flexibility and control. Other pain points include unnecessary escalations of false positives (26%), a lack of proactiveness from the provider (26%), and slow response times to SLAs (26%).

The results of these frustrations are clear. When next procuring their cyber security operations, 30% of respondents have expressed intending to adopt a hybrid approach, while 22% are considering bringing operations back in-house. Additionally, to fill the gaps where current providers are lacking, 19% of organisations will be looking for specialist expertise in particular areas.

Rob Demain, CEO of e2e-assure, commented on this industry-wide issue: "Our study aims to highlight the performance of cyber security providers, as criminals deploy increasingly advanced extortion techniques. It's clear that there is a need for a critical shift to ensure cyber defence providers are meeting the needs of organisations in 2024."

Based on these findings, the report suggests the need for a significant shift in how these cyber defence strategies are delivered: providers need to demonstrate their value, contracts should be more commercially flexible, services and tools need to be adaptable, and quality cyber defence should become more accessible to organisations of all sizes.