New research conducted by e2e-assure indicates that a significant proportion of mid-sized companies, approximately 59%, express diminished confidence in their ability to detect cyber threats. This contrasts with just over half of enterprises, where 52% share this concern.
Ensuring robust protection against cyber threats has become an urgent imperative for companies, given the escalating challenges posed by ransomware attacks. E2e-assure’s research reveals that a substantial majority, 75%, of Chief Information Security Officers (CISOs) and key decision-makers in the realm of cybersecurity have encountered cyberattacks. Moreover, the frequency of security breaches shows no sign of abating. According to a recent study by GOV.UK, a fifth of businesses admit to experiencing breaches or attacks on a weekly basis over the past year.
Despite the fact that mid-sized companies are more inclined to outsource their cybersecurity operations, at 57%, the research indicates that they fare poorly in comparison to enterprises. To be precise, 47% of mid-sized companies report that their service provider is underperforming, as opposed to 37% of enterprises. This might explain why only 22% of mid-sized firms believe they possess the resilience needed to withstand cyber threats.
In terms of contract flexibility, 62% of mid-market companies claim to lack contracts that can adapt to changes in the initial agreement, while only 46% of enterprises face this issue. Furthermore, 66% of mid-sized companies lack transparent pricing from their service provider, compared to 44% of large organizations.
The survey also highlights that services are less likely to be tailored for mid-sized organisations. For instance, 57% of mid-sized companies are less likely to benefit from client-centric delivery teams, in contrast to 50% of enterprises. Over half, 58%, of mid-sized organisations do not have access to tools that can be customized to meet their specific business needs, compared to 50% of enterprises.
This discrepancy means that mid-sized organisations are not enjoying the same level of specialist expertise as their enterprise counterparts, potentially leaving them at a higher risk of security compromise.
According to Rob Demain, the CEO of e2e-assure: “Our report aimed to unveil the insights of CISOs and decision-makers regarding the performance of their security operations in a year that has proven to be monumental for cybercrime. While mid-sized organisations are the most prominent outsourcers in our study, the majority express dissatisfaction with their current support, highlighting the critical need for a shift in service and commercial offerings from cybersecurity providers to better assist mid-sized companies in safeguarding against breaches.”
Nonetheless, with nearly one-third (29%) of mid-sized companies indicating their intention to seek outsourced cybersecurity providers in their next procurement cycle, there is evidently a strong desire among cybersecurity professionals to entrust more responsibilities to external experts.
The findings underscore the necessity for a transformation in the services offered by providers, leading to the emergence of five key themes for rejuvenating cyber defence in 2024:
1. Providers must demonstrate their value.
2. Security teams will need to relinquish more control to trusted providers.
3. Contracts should be more commercially flexible.
4. Flexibility in services and tools becomes a priority for organizations.
5. Quality cyber defence needs to become more accessible to organisations of all sizes.
To read the full report which also reveals the rise of hybrid cyber security models, the key frustrations of cyber security teams and advice on how they can stay ahead of cyber threats, click here.