Cybercrime is a growing problem, and many companies don’t have the in-house talent to protect their networks. Managed IT services offer companies a powerful and cost-effective way to fight back.
From the WannaCry ransomware attack that infected as many as 300,000 computers to the Equifax breach that compromised more than 140 million consumers’ personal data, 2017 wasn’t exactly a landmark year for cybersecurity. Unfortunately, a new report from insurance underwriting firm Hiscox suggests that the outlook for 2018 isn’t much better.
“The cyber threat itself is set to grow in volume and severity as criminal groups gain access to more sophisticated tools and become more reckless,” explains Hiscox advisor and former Director of the UK Government’s Communication Headquarters Robert Hannigan. “The rapid growth of the ‘internet of things’ will amplify insecurities by adding millions of new devices with minimal built-in security.” But with a severe shortage of cybersecurity experts for hire in the job market, companies looking to protect themselves are faced with limited options.
The report divides companies into three tiers of cyber-readiness — cyber novices, cyber intermediates, and cyber experts — based on both the quality and execution of their security strategies. Among American companies, 70% qualify as novices, 17% qualify as intermediates, and 13% qualify as experts, only slightly better than the global averages of 73%, 16%, and 11%, respectively.
Unsurprisingly, this general lack of expertise led nearly half (45%) of all companies to fall prey to at least one cyber attack in 2017. What’s more, once a company’s vulnerabilities were exposed, they tended to be exploited again and again. According to the report, “of those organizations that were targeted, more than two-thirds (67%) suffered two or more attacks and just over one in five (21%) suffered four or more.”
When confronted with figures like Hiscox’s, many people’s first question is, “Why is this happening?” Generally speaking, it’s not due to a lack of awareness: 66% of companies rank cyberattacks right alongside fraud as the biggest threat to their business. Effective cybersecurity really comes down to people, but as Hannigan points out, “For those trying to protect against attack, the shortage of cyberskills will continue to be chronic.”
According to cybersecurity giant McAfee, 82% of companies agree that there remains a shortage of workers possessing the requisite skill sets to implement and maintain robust corporate cybersecurity protocols. In 2015, nearly 210,000 cybersecurity jobs went unfilled in the U.S. alone, and McAfee predicts that the global cybersecurity workforce shortfall will grow to between one and two million by next year. As a result, companies expect that as many as 15% of their cybersecurity positions will remain unfilled through at least 2020.
This scarcity of cybersecurity professionals has driven up their wages quite substantially. “The median cybersecurity salary…is at least 2.7 times the average wage,” McAfee reports. “Cybersecurity jobs in the United States pay an average of $6,500 more than other IT professions, a 9% premium.” McAfee’s research even suggests that lead software engineers make roughly $8,000 more per year than the average Chief Information Security Officer (CISO) that oversees their activities!
Ultimately, the Hiscox report concludes that when it comes to cybersecurity, companies get what they pay for. Among enterprise-level companies, cyber experts have larger IT budgets ($19.8 million versus $9.9 million) and devote a larger fraction of those budgets to cybersecurity specifically (12.6% versus 9.9%) than cyber novices.
Of course, most small and mid-sized businesses simply don’t have the resources to make such an enormous investment in cybersecurity. Fortunately, budget-conscious businesses have a viable alternative. “For smaller firms that lack the expertise for managing or fixing a breach, outsourcing can be an alternative approach,” the report explains. “Even bigger organizations often lack the ability to field an instant response team around the clock.”
Driven in large part by the rising tide of cybercrime and the cybersecurity skills shortage, many companies have already started to utilize managed IT services. As in any relationship with a managed services provider, managed IT services allows companies to both budget more effectively and rest easy knowing that their networks will always be secured according to specific thresholds established in a service-level agreement (SLA).
From designing and deploying WLANs to monitoring network usage at the device level to striking the right balance between network performance and network security, modern corporate cybersecurity is an incredibly complex, incredibly challenging endeavor. Executing it effectively takes time, resources, and extensive personpower — that’s why more than 67% of U.S. companies already outsource threat-detection tasks like network monitoring and access management.
If the last 18 months are any indication of where the corporate cybersecurity landscape is headed, it might be a smart move to hop on the bandwagon.