Under-Performing Cyber Security Providers

Almost half (44%) of Financial Services organisations that fully outsource their cyber security operations say their provider is underperforming, according to new research by Threat Detection and Response provider, e2e-assure.  

A solid cyber security defence strategy is of urgent importance for Financial Services organisations: the UK Information Commissioner's Office (ICO) data breach reports show that cyber security breaches in the industry have tripled since 2021. e2e-assure's study echoes this trend, finding that the vast majority (77%) of Financial Services organisations have experienced a cyber attack.

Outsourcing is currently the most popular solution for Financial Services organisations when it comes to their cyber security operations (45%), compared with a hybrid approach (40%) or managing everything in-house (12%). 

The key reasons Financial Services organisations outsource are so they can respond to attacks quickly (46%), gain more control (40%) over their environment, and achieve better resilience (34%) against threat actors. 

  • Over a third (33%) of Financial Services organisations that outsource do not feel confident in their provider’s ability to act and respond to security incidents within 30 minutes of detection.
  • A further 28% said their suppliers were escalating too many false positives, which can often occur with ‘out of the box’ set-ups that are not efficiently tuned to the environment they’re monitoring. As a result, only 30% feel that they are resilient.

The survey found that hybrid teams, rather than fully outsourced providers, more commonly provide CISOs and cyber security decision makers in the Financial Services sector with stronger accountability through agreed SLAs and KPIs (61% vs 53%), client-centric delivery by teams that care (50% vs 33%), good SLA response times (66% vs 58%) and the ability to respond to threats within 30 minutes (89% vs 67%).

When asked what Financial Services organisations want from their providers, nearly half of those that currently outsource (49%) said they do not have, but want, flexible contracts that can adapt the scope agreed at the original contract signing. 40% said that a key frustration was having to continually bolt on new service offerings to meet security needs.

This can restrict an organisation’s agility and make it difficult for them to rapidly respond to cyber threats as they evolve. With organisations locked into contracts that are not fit for purpose, this is putting them at greater risk of compromise.  

Rob Demain, CEO of e2e-assure, commented: “With Financial Services organisations most commonly outsourcing their cyber security operations, but with almost half saying that they’re underperforming, it’s clear that there is a need for a critical shift to ensure cyber defence providers are meeting the needs of organisations in 2024.”

The majority (58%) of Financial Services organisations questioned said that, when they next procure their security operations, they will either look for a hybrid solution to extend their current team or seek ‘specialist expertise’. It is clear there is an appetite amongst cyber security professionals to pass on more responsibility.

With the findings highlighting the need for a shift in the service offerings from providers, five key themes emerged for cyber defence rejuvenation in 2024:   

1.    Providers will need to prove their value.

2.    Security teams will relinquish more control to trusted providers.

3.    Contracts will need to be more commercially flexible.

4.    Service and tooling flexibility is a priority for organisations.

5.    Quality cyber defence needs to become more accessible to organisations of all sizes.

e2e-assure's report also reveals why providers are unfit for purpose, the top frustrations with outsourcing SOC-as-a-service, and how Financial Services can navigate the challenges of locked-in cyber contracts.

