According to new research by e2e-assure, 69% of Professional Service organisations admitted its cyber security provider is either underperforming (31%) or that there’s room for improvement (38%).
Having a solid cyber security defence strategy is of urgent importance for CISOs and cyber security decision makers in Professional Service organisations, with e2e-assure’s study finding most (77%) have experienced a cyber attack.
Despite this, only one in five (20%) would describe themselves as “resilient.”
Outsourcing is currently the most popular solution for Professional Service organisations when it comes to their cyber security operations (40%), compared with a hybrid approach (38%) or managing everything in house (17%).
But with those in the sector citing control over its cyber security service as the most important factor when making decisions around its security environment (43%), providers need to ensure they are delivering ROI.
The majority (57%) of CISOs in the sector state they are either unconfident that threat intelligence is being used as it has had no measurable positive impact (45%), or they know that threat intelligence has not been implemented to detect threats within their environment (12%).
Most respondents also said that they don’t have flexible contracts (51%), transparent pricing (49%) or real-time visibility of dashboards (48%).
In fact, over half (55%) don’t even feel they have client-centric delivery teams who care.
When asked about its top frustration, CISOs in Professional Services said long and complex contracts (40%) which restrict flexibility and agility and, therefore, the control this industry needs.
Further pain points included escalating too many false positives (26%), equally matched by their provider not being proactive (26%) and poor SLA Response Times (26%).
Clearly, providers are unable to provide the control, clarity, speed and flexibility required for an industry that deals with highly confidential and valuable data, such as personal identification and business records, while becoming increasingly digital-centric.
It comes as little surprise then, that when asked “When next procuring cyber security operations what will you be looking for?” 30% said they’ll be taking a hybrid approach and 22% would be bringing operations back in house.
To also fill the gaps where current providers are falling short, 19% will be seeking specialist expertise in specific areas.
“Our study sets out to unveil the observations from CISOs and cyber security decision makers as to how their cyber security providers are performing, as criminals deploy increasingly advanced extortion techniques,” said Rob Demain, CEO, e2e-assure.
“With Professional Service organisations most commonly outsourcing their cyber security operations, but with nearly 70% saying that they’re underperforming, it’s clear that there is a need for a critical shift to ensure cyber defence providers are meeting the needs of organisations in 2024.”