Nearly three in four organizations (73%) reduced the impact of disruptive cyber incidents due to engaging with managed security services providers (MSSPs) and managed detection and response (MDR) providers, according to a new study.
The research by Optiv, a cybersecurity solutions integrator and Top 250 MSSP, found that the same dataset revealed 14% of the study’s 426 participants saw no impact from involvement with MSSPs and MDRs.
Respondents in the survey came from the financial services, manufacturing and healthcare industries, with 59% holding CISO/CSO, CIO, vice president and director level posts. Nearly half (48%) work at organizations with over 5,000 employees.
A Closer Look at Optiv's Research
The research was driven by a number of factors:
- As the cybersecurity talent gap widens, MSS and MDR services allow organizations to leverage outsourced solutions to advance cybersecurity maturity without increasing headcount.
- Clients can take advantage of external experts to effectively manage security resources without overloading their IT staff.
- With an evolving threat landscape, security leaders increasingly turn to MSSP/MDR solutions to tackle new concerns quickly thanks to the advanced capabilities and technologies of external providers.
The top three challenges (from a list of eight options) to their SecOps program, the following were the most frequently ranked:
- Hiring/retaining security talent (58%)
- Increasing sophistication of threat actors (57%)
- Constantly expanding attack surface (57%)
- Too many security tools that are not well integrated (33%)
On satisfaction with current MSSP/MDR providers from 1 (low) to 5 (high)
- 31% rated their provider 4-5.
- 13% rated 1-2.
- 56% were satisfied (score of 3)
When asked if they would prefer to procure security consulting services from an existing MSSP/MDR provider:
- Yes. 31%, because the incumbent provider might have better familiarity with the environment, which could enhance outcomes for services engagements.
- Yes. 14%, because this could help consolidate vendors.
Jason Lewkowicz, executive vice president and chief services officer at Optiv, said “speed, budget and talent retention” are critical to staying ahead in today’s cyber landscape. As he explained:
"If you don't have the budget to have the right talent, retain the right talent, invest in the right talent and move at the speed of technology changing, you will absolutely be left behind. Everything ties back to speed, which is why many organizations rely on managed security solution providers to provide rapid protection, rapid detection and rapid response."