Under-Performing Cyber Security Providers

Almost half (44%) of Financial Services organisations that fully outsource their cyber security operations say their provider is underperforming, according to new research by Threat Detection and Response provider, e2e-assure.  

Having a solid cyber security defence strategy is of urgent importance for Financial Services organisations, with the UK Information Commissioner's Office (ICO) data breach reports showing that cyber security breaches in the industry have tripled since 2021 and e2e-assure's study echoes this trend, which has found that the vast majority (77%) of Financial Services organisations have experienced a cyber attack.  

Outsourcing is currently the most popular solution for Financial Services organisations when it comes to their cyber security operations (45%), compared with a hybrid approach (40%) or managing everything in-house (12%). 

The key reasons Financial Services organisations outsource are so they can respond to attacks quickly (46%), gain more control (40%) over their environment, and achieve better resilience (34%) against threat actors. 

  • Over a third (33%) of Financial Services organisations that outsource do not feel confident in their provider’s ability to act and respond to security incidences within 30 minutes of detection. 
  • A further 28% said their suppliers were escalating too many false positives, which can often occur with ‘out of the box’ set ups that are not efficiently tuned to the environment they’re monitoring. As a result, only 30% feel that they are resilient.  

The survey found that hybrid teams, rather than fully outsourced providers, more commonly provide CISOs and cyber security decision makers in the Financial Services sector with stronger accountability with agreed SLAs and KPIs (61% vs 53%), client-centric delivery by teams that care (50% vs 33%), good SLA response times (66% vs 58%) and the ability to respond to threats within 30-minutes (89% vs 67%).  

When asked what Financial Services organisations want from their providers, nearly half of those that currently outsource (49%) said they don’t have but desire flexible contracts that can adapt the scope of the original contract signing.  40% said that a key frustration was having to continually bolt on new service offerings to meet security needs.

This can restrict an organisation’s agility and make it difficult for them to rapidly respond to cyber threats as they evolve. With organisations locked into contracts that are not fit for purpose, this is putting them at greater risk of compromise.  

Rob Demain, CEO of e2e-assure, commented “With Financial Services organisations most commonly outsourcing their cyber security operations, but with almost half saying that they’re underperforming, it’s clear that there is a need for a critical shift to ensure cyber defence providers are meeting the needs of organisations in 2024.”

The majority (58%) of Financial Services organisations questioned said that they will either be looking for a hybrid solution to extend their current team when they next procure their security operations, or seek ‘specialist expertise’, it’s clear there is an appetite amongst cyber security professionals to pass on more responsibility.

With the findings highlighting the need for a shift in the service offerings from providers, five key themes emerged for cyber defence rejuvenation in 2024:   

1.    Providers will need to prove their value.

2.    Security teams will relinquish more control to trusted providers.

3.    Contracts will need to be more commercially flexible.

4.    Service and tooling flexibility is a priority for organisations.

5.    Quality cyber defence needs to become more accessible to organisations of all sizes.

To read e2e-assure's report which also reveals why providers are unfit for purpose, the top frustrations with outsourcing SOC-as-a-service, and how Financial Services can navigate the challenges of locked-in cyber contracts, Click Here

Image: Tero Vesalainen

You Might Also Read: 

Boards Need To Step Up Or Risk Cybersecurity Fines:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Cyber Security Education From Childhood Is Becoming Vital
Navigating Cloud-Native Application Security With CWPP »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

National Centre of Incident Readiness & Strategy for Cybersecurity (NISC) - Japan

NISC was established as a secretariat of the Cybersecurity Strategy Headquarters in collaboration with the public and private sectors to create a "free, fair and secure cyberspace" in Japan.

Athena Forensics

Athena Forensics

Athena Forensics is one of the UK's leading providers of Computer Forensics, Mobile Phone Forensics, Cell Site Analysis and Expert Witness Services.

National Association of Software and Services Companies (NASSCOM) - India

National Association of Software and Services Companies (NASSCOM) - India

NASSCOM is a trade association of Indian Information Technology and Business Process Outsourcing industry. Areas of activity include cyber security.

Maverick Technologies

Maverick Technologies

Maverick is an industrial automation, enterprise integration and operational consulting company. Services include industrial cyber security.

PerimeterX

PerimeterX

PerimeterX is the leading provider of solutions that secure digital businesses against automated fraud and client-side attacks.

Business Continuity

Business Continuity

Business Continuity delivers integrated IT solutions for cybersecurity, virtualization, cloud platforms and operational security solutions.

DMARC360

DMARC360

DMARC360 analyzes your email traffic patterns and sources, rapidly deploys email authentication protocols and monitors your email domains with automated recommendations and incident response.

MillenniumIT ESP (MIT ESP)

MillenniumIT ESP (MIT ESP)

MillenniumIT ESP provides solutions and services around Core Infrastructure, Cloud, Cyber Security, Enterprise Applications, Intelligent Automation and Data, Smart Buildings, and Managed Services.

Gatefy

Gatefy

Getfy is a cybersecurity company specialized in artificial intelligence and machine learning. We work to solve challenging issues, especially those involving email security.

Communications Fraud Control Association (CFCA)

Communications Fraud Control Association (CFCA)

CFCA is the premier International Association for fraud risk management, fraud prevention and profitability control.

DeXpose

DeXpose

DeXpose is a hybrid dark/deep web monitoring and attack surface mapping platform to help you find compromised data or exposed assets related to your organization way before threat actors.

inSOC

inSOC

inSOC is an enterprise-grade AI-driven SOCaaS solution detecting breaches 24/7 with vulnerability management built-in. Designed for MSPs and MSSPs.

Manifest

Manifest

Manifest is a cybersecurity company dedicated to helping enterprises secure their software supply chains.

Skillfield

Skillfield

Skillfield is a Melbourne based Cyber Security and Data Services consultancy and professional services company.

Bestman Solutions

Bestman Solutions

As a specialist cyber security practice, we believe that people are an organisation’s most valuable asset. Success depends on hiring the right people, and this is where we come in.

CyberMindr

CyberMindr

CyberMindr is a SaaS platform for Automated & Continuous Attack Path and Threat Exposure Discovery helps you to proactively identify & assess your attack surface to mitigate associated threats.