SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Cybersecurity providers failing most professional services firms
Fri, 29th Mar 2024

Almost 70% of professional services organisations are struggling with underperforming cyber security providers, according to new research by cyber security provider, e2e-assure. The report further reveals that only one in five (20%) of such organisations would describe themselves as resilient.

The study found that 77% of Professional Services firms have experienced cyber attacks, underscoring the urgent need for effective cyber security defences. Despite this, these organisations are grappling with inadequate protection from their providers.

The approach that the majority of Professional Services organisations currently adopt for their cyber security operations is outsourcing (40%). However, with 43% of the sector citing control over their cyber security service as a significant factor in decisions about their security environment, providers may need to rethink their strategy to ensure they are delivering value for money.

However, e2e-assure's data suggests that this trust is not being reciprocated, with 57% of the Chief Information Security Officers (CISOs) in the sector expressing dissatisfaction. These security professionals are uncertain about the efficacy of threat intelligence, either due to a lack of measurable positive impact (45%) or because it doesn’t get employed for detecting threats within their environment (12%). Additionally, many respondents complained about inflexible contracts (51%), unclear pricing (49%) and lack of real-time visibility of dashboards (48%).

According to the CISOs in the Professional Services sector, their primary frustration arises from lengthy and complex contracts (40%), which restrict flexibility and control. Other pain points include unnecessary escalations of false positives (26%), a lack of proactiveness from the provider (26%), and slow response times to SLAs (26%).

The results of these frustrations are clear. When next procuring their cyber security operations, 30% of respondents intend to adopt a hybrid approach, while 22% are considering bringing operations back in-house. Additionally, to fill the gaps where current providers are lacking, 19% of organisations will be looking for specialist expertise in particular areas.

Rob Demain, CEO of e2e-assure, commented on this industry-wide issue: "Our study aims to highlight the performance of cyber security providers, as criminals deploy increasingly advanced extortion techniques. It's clear that there is a need for a critical shift to ensure cyber defence providers are meeting the needs of organisations in 2024."

Based on these findings, the report suggests the need for a significant shift in how these cyber defence strategies are delivered: providers need to demonstrate their value, contracts should be more commercially flexible, services and tools need to be adaptable, and quality cyber defence should become more accessible to organisations of all sizes.