A lack of cybersecurity skills and a need for advanced technology is leading many UK businesses to partner with managed security services providers (MSSPs), according to a report from security, risk and compliance services company NTT Security.
Key findings from the NTT Security "Risk: Value 2017" report, which featured responses from 1,350 business professionals, included:
- 38 percent of business professionals said they are planning to work with an MSSP, and 6 percent stated they currently work with an MSSP.
- Among business professionals who are currently using an MSSP, 31 percent said it is because of a lack of internal skills, and 27 percent indicated they want access to better technology.
- 28 percent noted they might consider an MSSP in the future.
- 28 percent said they believe it is more cost-effective to outsource their security to an MSSP or other third-party security vendors.
- Financial services companies lead the way in using third parties for security services, with 43 percent planning to use an MSSP, and 10 percent already using one.
Cyber threats are becoming increasingly complex and sophisticated, and many corporate IT teams are unable to keep pace, NTT Security Senior Vice President of EMEA Kai Grunwitz said in a prepared statement.
Fortunately, MSSPs provide specialized skills and knowledge and advanced threat detection and analytics technologies, Grunwitz stated, to help UK companies bolster their cybersecurity strategies without significant capital investments.
Is GDPR Driving the Demand for MSSPs?
The EU General Data Protection Regulation (GDPR), which is designed to standardize data privacy laws across Europe, is one of the primary factors that is leading the push for MSSPs, NTT Security stated. However, only 39 percent of UK companies have identified GDPR as a compliance issue, NTT Security noted in its report.
GDPR takes effect in May, and its key requirements include:
- EU businesses must report data breaches and provide a description of the measures taken to regulatory authorities within member states; in some cases, EU businesses must provide a description of measures taken to individuals affected by data breaches.
- EU businesses must appoint a data protection officer who is responsible for overseeing privacy within their respective organizations.
- Individuals have the right to gain access to data stored about them, to transfer it to a third-party and to have it deleted.
GDPR should be a priority for UK businesses, NTT Security stated. If these companies partner with MSSPs, they may be better equipped than ever before to comply with GDPR and avoid potential regulatory violations down the line.
"As the stakes rise for businesses in Europe and beyond, with the impending , they must bite the bullet and invest in cybersecurity," NTT Security wrote in its report. "This isn't simply a financial exercise. It also takes an inspired and engaged workforce to create a cultural shift within the organization."