More UK businesses are outsourcing their IT security because budgets are not growing as fast as the security threat.
A Pierre Audoin Consultants (PAC) study of 230 people at businesses with more than 1,000 staff found that the combination of increasing threats, shortage of skills and stagnant IT security budgets is pushing firms to outsource security.
Most respondents (70%) said cyber security threats are increasing and that cyber security is now a board-level issue. Less than half of the firms had seen a rise in their cyber security budgets.
“In response, firms are seeking external support from third-party providers, either in the form of on-site consultants working in-house, or outsourcing of cyber security provision, known as managed security services,” said PAC.
PAC found that 40% of companies buy in security expertise for specific projects, 34% use managed security services and 13% outsource all their cyber security provision. Only 21% do not use external cyber security resources.
Read more about cyber security
Duncan Brown, research director at PAC, said insufficient funds and a scarcity of skills are driving organisations reluctantly towards external resources, including outsourcing.
“Cyber security is critical to organisations," he said. "And although they currently use external providers, they are clear that when they do such providers must come with robust credentials.”
Three-quarters (73%) of respondents said they looked for a strong cyber security track record when selecting a supplier.
“Cyber security is too important to businesses for them to adopt additional risks with their suppliers,” added Brown. “It is important then for suppliers to communicate their track records, and strong industry knowledge is also extremely useful.”