Healthcare Has Issues With Outsourced Cyber Security

Three quarters (75%) of Healthcare organisations would relinquish some control to enable decisions to be made quicker by specialists on cyber threats, according to new research by threat detection and response provider, e2e-assure.  

The study focuses on the observations from CISOs and cyber security decision makers as to how their cyber security providers are performing, as criminals deploy increasingly advanced extortion techniques.

Having a solid cyber security defence strategy is of urgent importance for Healthcare organisations, with e2e-assure's study finding the vast majority of Healthcare organisations (77%) have experienced a cyber attack. 

Outsourcing is currently the most popular solution for Healthcare organisations when it comes to their cyber security operations (41%), compared with a hybrid approach (40%) or managing everything in-house (16%). 
This may change, as 31% believe their provider or in-house team is underperforming and are looking to make changes. Of those utilising SOC-as-a-Service, which is one of the top operations outsourced by the Healthcare sector, only 5% said their service “exceeds expectations.”  

The research repeatedly reflects a strong trend from the Healthcare sector towards either relinquishing responsibility or working more closely with providers. 

Over a third (35%) of them are looking for a hybrid solution to extend their current teams. And aside from enabling decisions to be made quicker by specialists, 69% would relinquish some control to reduce the reliance on their teams and 67% to enable faster response times.  

It comes as no surprise that speed is also essential, with 52% saying it’s a priority when it comes to making decisions around their cyber security environment. Control is the least important at 27%, again reflecting the trend that Healthcare organisations want to be able to rely on their providers.  

  • However, when it comes to the use of threat intelligence, 40% are unconfident in threat intelligence to proactively detect threats and 31% are unconfident in their operation’s ability to respond to an alert/incident within 30 minutes.
  • Worryingly, only 13% describe their cyber security provider or in-house team as “exceeding expectations,” which is lower than the average across industries at 16%. 
  •  The biggest “don’t have but desire” of Healthcare organisations is real-time visibility of reporting dashboards (55%) and around half (49%) don’t feel they have client-centric delivery teams who care. 

Before Healthcare organisations are going to pass over more control, security providers need to build their trust and show that they “care” through closer collaboration and better understanding of the customer’s environment. Five key themes or cyber defence rejuvenation in 2024 emerged from the study:-

  • Providers will need to prove their value.
  • Security teams will relinquish more control to trusted providers.
  • Contracts will need to be more commercially flexible.
  • Service and tooling flexibility is a priority for organisations.
  • Quality cyber defence needs to become more accessible to organisations of all sizes

The biggest three frustrations include a lack of proactivity to fine tune alerts and protect environments (33%), long and complex contract terms (29%) and slow/poor communication with analysts and/or account managers (28%). 

There is a way to go before providers are supporting Healthcare organisations with the speed, proactivity and flexibility they need to tackle the onslaught of cyber attacks, exhausting an already over tired workforce.  

CEO of e2e-assure Rob Demain commented “With Healthcare organisations most commonly outsourcing their cyber security operations, but with almost half (49%) saying that don’t believe they have client-centric delivery teams who care, it’s clear that there is a need for a critical shift to ensure cyber defence providers are meeting the needs of organisations in 2024.”

With the findings highlighting the need for a shift in the service offerings from providers, e2e-assure's report also reveals why providers are unfit for purpose, the top frustrations with outsourcing SOC-as-a-service and navigating the challenges of locked-in cyber contracts.

Image: Owen Beard

You Might Also Read: 

Under-Performing Cyber Security Providers:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Supply Chain: AnyDesk Customers Affected By Credentials Breach
Neuralink Implant A Brain Chip In A Human »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 8,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cofense

Cofense

Cofense (formerly PhishMe) is a leading provider of human-driven phishing defense solutions.

CLUSIL

CLUSIL

CLUSIL is an association for the information security industry in Luxembourg.

National Association of Software and Services Companies (NASSCOM) - India

National Association of Software and Services Companies (NASSCOM) - India

NASSCOM is a trade association of Indian Information Technology and Business Process Outsourcing industry. Areas of activity include cyber security.

CyberSift

CyberSift

CyberSift is a cyber security provider. We develop threat detection software which needs no infrastructure changes as it integrates with almost any security tool.

Preempt Security

Preempt Security

The Preempt Platform delivers adaptive threat prevention that continuously preempts threats based on identity, behavior and risk.

Rhebo

Rhebo

Rhebo Industrial Protector monitors and ensures the continuous, correct, and predictable operation of real-time Industrial Control Systems to prevent outages and reduce downtimes.

CryptoTec

CryptoTec

CryptoTec is a provider of security concepts and encryption solutions for secure communication between decentralized computerized systems.

NetKnights

NetKnights

NetKnights is an independent IT security company which offers services and products for strong authentication, identity management and encryption.

Samoby

Samoby

Samoby provide a subscription solution for Mobile Threat Protection and usage control on Android and iOS devices.

SAST

SAST

SAST provide Static Application Security Testing as a service based on SAST Tools.

Scythe

Scythe

SCYTHE is a next generation red team platform for continuous and realistic enterprise risk assessments.

CentricalCyber

CentricalCyber

CentricalCyber is a cyber risk consultancy and NIST CSF specialist set up to help business leaders better understand and manage cyber risk.

Bugbank

Bugbank

Bugbank (aka Vulnerability Bank) is a leading SaaS platform for internet security services in China.

Data Protection Commission (DPC) - Ireland

Data Protection Commission (DPC) - Ireland

The Data Protection Commission (DPC) is the national independent authority responsible for upholding the fundamental right of individuals in the EU to have their personal data protected.

Topsec Cloud Solutions

Topsec Cloud Solutions

The Topsec Managed Email Security Platform eliminates Spam, Viruses, Malware, and Phishing.

Yotta Infrastructure Solutions

Yotta Infrastructure Solutions

Yotta Infrastructure, a Hiranandani group company, provide Datacenter Colocation and Tech Services such as Cloud services, Network & Connectivity, IT Security and IT Management services.