Healthcare Has Issues With Outsourced Cyber Security

Three quarters (75%) of Healthcare organisations would relinquish some control to enable decisions to be made quicker by specialists on cyber threats, according to new research by threat detection and response provider, e2e-assure.  

The study focuses on the observations from CISOs and cyber security decision makers as to how their cyber security providers are performing, as criminals deploy increasingly advanced extortion techniques.

Having a solid cyber security defence strategy is of urgent importance for Healthcare organisations, with e2e-assure's study finding the vast majority of Healthcare organisations (77%) have experienced a cyber attack. 

Outsourcing is currently the most popular solution for Healthcare organisations when it comes to their cyber security operations (41%), compared with a hybrid approach (40%) or managing everything in-house (16%). 
This may change, as 31% believe their provider or in-house team is underperforming and are looking to make changes. Of those utilising SOC-as-a-Service, which is one of the top operations outsourced by the Healthcare sector, only 5% said their service “exceeds expectations.”  

The research repeatedly reflects a strong trend from the Healthcare sector towards either relinquishing responsibility or working more closely with providers. 

Over a third (35%) of them are looking for a hybrid solution to extend their current teams. And aside from enabling decisions to be made quicker by specialists, 69% would relinquish some control to reduce the reliance on their teams and 67% to enable faster response times.  

It comes as no surprise that speed is also essential, with 52% saying it’s a priority when it comes to making decisions around their cyber security environment. Control is the least important at 27%, again reflecting the trend that Healthcare organisations want to be able to rely on their providers.  

  • However, when it comes to the use of threat intelligence, 40% are unconfident in threat intelligence to proactively detect threats and 31% are unconfident in their operation’s ability to respond to an alert/incident within 30 minutes.
  • Worryingly, only 13% describe their cyber security provider or in-house team as “exceeding expectations,” which is lower than the average across industries at 16%. 
  •  The biggest “don’t have but desire” of Healthcare organisations is real-time visibility of reporting dashboards (55%) and around half (49%) don’t feel they have client-centric delivery teams who care. 

Before Healthcare organisations are going to pass over more control, security providers need to build their trust and show that they “care” through closer collaboration and better understanding of the customer’s environment. Five key themes or cyber defence rejuvenation in 2024 emerged from the study:-

  • Providers will need to prove their value.
  • Security teams will relinquish more control to trusted providers.
  • Contracts will need to be more commercially flexible.
  • Service and tooling flexibility is a priority for organisations.
  • Quality cyber defence needs to become more accessible to organisations of all sizes

The biggest three frustrations include a lack of proactivity to fine tune alerts and protect environments (33%), long and complex contract terms (29%) and slow/poor communication with analysts and/or account managers (28%). 

There is a way to go before providers are supporting Healthcare organisations with the speed, proactivity and flexibility they need to tackle the onslaught of cyber attacks, exhausting an already over tired workforce.  

CEO of e2e-assure Rob Demain commented “With Healthcare organisations most commonly outsourcing their cyber security operations, but with almost half (49%) saying that don’t believe they have client-centric delivery teams who care, it’s clear that there is a need for a critical shift to ensure cyber defence providers are meeting the needs of organisations in 2024.”

With the findings highlighting the need for a shift in the service offerings from providers, e2e-assure's report also reveals why providers are unfit for purpose, the top frustrations with outsourcing SOC-as-a-service and navigating the challenges of locked-in cyber contracts.

Image: Owen Beard

You Might Also Read: 

Under-Performing Cyber Security Providers:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

 

« Supply Chain: AnyDesk Customers Affected By Credentials Breach
Neuralink Implant A Brain Chip In A Human »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Bundesdruckerei

Bundesdruckerei

Bundesdruckerei specializes in secure identity technologies and services for protecting sensitive data, communications and infrastructures.

Materna Virtual Solution

Materna Virtual Solution

Materna Virtual Solution security solutions enable user-friendly, secure mobile working environments.

Lynxspring

Lynxspring

Lynxspring provides edge-to-enterprise solutions and IoT technology for intelligent buildings, energy management, equipment control and specialty machine-to-machine applications.

Cyber Security Expo

Cyber Security Expo

Cyber Security EXPO is a unique one day recruitment event for the cyber security industry.

Secure Innovations

Secure Innovations

Secure Innovations is a cybersecurity firm dedicated to providing top-tier cyber security solutions for the Defense and the Intelligence Community.

SCIS Security

SCIS Security

SCIS Security provides affordable cyber security services and solutions to small to medium sized businesses and homes.

CNA Insurance

CNA Insurance

CNA offers a market-leading suite of cyber liability insurance products and risk control resources for businesses of all sizes.

Ultratec

Ultratec

Ultratec provide a range of data centric services and solutions including data recovery, data erasure, data destruction and full IT Asset Disposal (ITAD).

OWN

OWN

OWN (formerly SEKOIA) is a major French player in cybersecurity providing tailor-made, informed and adapted cyber support thanks to its DNA of passionate and committed experts.

LTIMindtree

LTIMindtree

LTIMindtree is a new kind of technology consulting firm. We help businesses transform – from core to experience – to thrive in the marketplace of the future.

CIBR Warriors

CIBR Warriors

CIBR Warriors are a leading cyber security and networking staffing company that provides workforce solutions with businesses nationwide in the USA.

Orbus Software

Orbus Software

Orbus develops, markets and sells enterprise software which helps large, blue chip and government organisations across the globe to achieve digital transformation outcomes.

Valence Security

Valence Security

Valence manages and secures your Business Application Mesh by delivering visibility, reducing unauthorized access and preventing data loss.

Alibaba Cloud

Alibaba Cloud

Alibaba Cloud is committed to safeguarding the cloud security for every business by leveraging a comprehensive suite of enterprise security services and products on the platform.

Zaviant Consulting

Zaviant Consulting

Zaviant Consulting is a leading data security and privacy consulting firm assisting organizations comply with constantly evolving security frameworks and privacy regulations.

SpeQtral

SpeQtral

SpeQtral offers commercial space-based Quantum Key Distribution (QKD) founded on technology developed at the National University of Singapore.