Under-Performing Cyber Security Providers

Almost half (44%) of Financial Services organisations that fully outsource their cyber security operations say their provider is underperforming, according to new research by Threat Detection and Response provider, e2e-assure.  

Having a solid cyber security defence strategy is of urgent importance for Financial Services organisations: the UK Information Commissioner's Office (ICO) data breach reports show that cyber security breaches in the industry have tripled since 2021. e2e-assure's study echoes this trend, finding that the vast majority (77%) of Financial Services organisations have experienced a cyber attack.

Outsourcing is currently the most popular solution for Financial Services organisations when it comes to their cyber security operations (45%), compared with a hybrid approach (40%) or managing everything in-house (12%). 

The key reasons Financial Services organisations outsource are to respond to attacks quickly (46%), gain more control over their environment (40%), and achieve better resilience against threat actors (34%).

  • Over a third (33%) of Financial Services organisations that outsource do not feel confident in their provider’s ability to act and respond to security incidents within 30 minutes of detection.
  • A further 28% said their suppliers were escalating too many false positives, which can often occur with ‘out of the box’ set-ups that are not efficiently tuned to the environment they’re monitoring. As a result, only 30% feel that they are resilient.

The survey found that hybrid teams, rather than fully outsourced providers, more commonly provide CISOs and cyber security decision makers in the Financial Services sector with stronger accountability with agreed SLAs and KPIs (61% vs 53%), client-centric delivery by teams that care (50% vs 33%), good SLA response times (66% vs 58%) and the ability to respond to threats within 30 minutes (89% vs 67%).

When asked what Financial Services organisations want from their providers, nearly half of those that currently outsource (49%) said they do not have, but want, flexible contracts whose scope can be adapted after the original contract signing. 40% said that a key frustration was having to continually bolt on new service offerings to meet security needs.

This can restrict an organisation’s agility and make it difficult for them to rapidly respond to cyber threats as they evolve. Being locked into contracts that are not fit for purpose puts organisations at greater risk of compromise.

Rob Demain, CEO of e2e-assure, commented: “With Financial Services organisations most commonly outsourcing their cyber security operations, but with almost half saying that they’re underperforming, it’s clear that there is a need for a critical shift to ensure cyber defence providers are meeting the needs of organisations in 2024.”

The majority (58%) of Financial Services organisations questioned said that, when they next procure their security operations, they will either look for a hybrid solution to extend their current team or seek ‘specialist expertise’. It is clear there is an appetite amongst cyber security professionals to pass on more responsibility.

With the findings highlighting the need for a shift in the service offerings from providers, five key themes emerged for cyber defence rejuvenation in 2024:   

1.    Providers will need to prove their value.

2.    Security teams will relinquish more control to trusted providers.

3.    Contracts will need to be more commercially flexible.

4.    Service and tooling flexibility is a priority for organisations.

5.    Quality cyber defence needs to become more accessible to organisations of all sizes.

e2e-assure's report also reveals why providers are unfit for purpose, the top frustrations with outsourcing SOC-as-a-service, and how Financial Services can navigate the challenges of locked-in cyber contracts.

Image: Tero Vesalainen
