According to new research by threat detection and response provider, e2e-assure, three quarters (75%) of healthcare organisations would relinquish some control to enable decisions to be made quicker by specialists on cyber threats.
Having a solid cyber security defence strategy is of urgent importance for healthcare organisations, with e2e-assure’s study finding the vast majority of them (77%) have experienced a cyber-attack.
Only 13% describe their cyber security provider or in-house team as “exceeding expectations,” which is lower than the average across industries at 16%.
Outsourcing is currently the most popular solution for healthcare organisations when it comes to their cyber security operations (41%), compared with a hybrid approach (40%) or managing everything in-house (16%).
This may change, as 31% believe their provider or in-house team is underperforming and are looking to make changes.
Of those utilising SOC-as-a-Service, which is one of the top operations outsourced by the Healthcare sector, only 5% said their service “exceeds expectations.”
The research repeatedly reflects a strong trend from the healthcare sector towards either relinquishing responsibility or working more closely with providers.
Over a third (35%) of them are looking for a hybrid solution to extend their current teams.
Aside from enabling decisions to be made quicker by specialists, 69% would relinquish some control to reduce the reliance on their teams and 67% to enable faster response times.
It comes as no surprise that speed is also essential – with 52% saying it’s a priority when it comes to making decisions around their cyber security environment.
Control is the least important at 27%, again reflecting the trend that healthcare organisations want to be able to rely on their providers.
However, when it comes to the use of threat intelligence, 40% are unconfident in threat intelligence to proactively detect threats and 31% are unconfident in their operation’s ability to respond to an alert/incident within 30 minutes.
The biggest “don’t have but desire” of healthcare organisations is real-time visibility of reporting dashboards (55%) and around half (49%) don’t feel they have client-centric delivery teams who care.
Therefore, before healthcare organisations are going to pass over more control, providers need to build their trust and show that they “care” through closer collaboration and better understanding of the customer’s environment, said e2e-assure.
The biggest three frustrations include a lack of proactivity to fine tune alerts and protect environments (33%), long and complex contract terms (29%) and slow/poor communication with analysts and/or account managers (28%).
There is a way to go before providers are supporting healthcare organisations with the speed, proactivity and flexibility they need to tackle the onslaught of cyber-attacks, exhausting an already over tired workforce, said the company.
“Our study sets out to unveil the observations from CISOs and cyber security decision makers as to how their cyber security providers are performing, as criminals deploy increasingly advanced extortion techniques,” said Rob Demain, CEO, e2e-assure.
“With Healthcare organisations most commonly outsourcing their cyber security operations, but with almost half (49%) saying that don’t believe they have client-centric delivery teams who care, it’s clear that there is a need for a critical shift to ensure cyber defence providers are meeting the needs of organisations in 2024.”