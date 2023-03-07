This is why SA companies would outsource security

Kaspersky’s annual IT Security Economics report reveals that the complexity of cybersecurity solutions forced companies to outsource some functions to external infosec providers: they have more relevant expertise and can manage the technologies more efficiently than company employees.

A complex cybersecurity solution won’t guarantee the best protection without a competent specialist managing it. A company’s search for such qualified workers is complicated by the global shortage of experts in this field. This fact was illustrated by (ISC)² – an international, nonprofit membership association for information security leaders – which reported a 3,4-million-worker skills gap in the professional market in its 2022 Cybersecurity Workforce Study.

This situation forced businesses to outsource certain IT functions to managed service providers (MSP) or managed security service providers (MSSP) to get relevant expertise and up-skill teams.

Kaspersky’s research in South Africa conducted among IT decision makers found that 72,7% of SMBs and corporations said the most common reason to transfer certain IT security responsibilities to MSP/MSSP in 2022 was the efficiency external specialists provided. Among other most frequently mentioned reasons companies also named compliance requirements (69,7%), the need for specialist knowledge (63,6%), shortage of IT employees (57,6%), and the complexity of business processes (42,4%).

With regards to the cooperation with MSP/MSSP, 69,7% of companies surveyed in South Africa stated that they usually work with two or three providers, while 24,2% deal with more than four IT security service suppliers a year.

“External specialists can either manage all the cybersecurity processes in a company or just deal with separate tasks,” comments Konstantin Sapronov, head of global emergency response team at Kaspersky. “It usually depends on the size of the organisation, its maturity, and management’s desire to be involved in information security tasks.

“For some small and medium-sized companies it can be reasonable not to hire a full-time specialist and transfer some of his functions to MSP or MSSP as it will be more profitable in terms of cost and efficiency. For large corporations, outside specialists usually mean extra hands to help their own cybersecurity teams deal with a large volume of work.

“However, it is important to understand that in any case the company should have basic knowledge of information security to be able to assess the outsourcers’ work properly.”

To protect a company against sophisticated cyberattacks, even if it lacks security staff or internal specialists, Kaspersky recommends using managed protection services. Comprehensive expert training will also help IT security specialists to maintain relevant skills and to be best prepared for the cyber threat landscape.