Under-Performing Cyber Security Providers

Almost half (44%) of Financial Services organisations that fully outsource their cyber security operations say their provider is underperforming, according to new research by Threat Detection and Response provider, e2e-assure.  

Having a solid cyber security defence strategy is of urgent importance for Financial Services organisations, with the UK Information Commissioner's Office (ICO) data breach reports showing that cyber security breaches in the industry have tripled since 2021 and e2e-assure's study echoes this trend, which has found that the vast majority (77%) of Financial Services organisations have experienced a cyber attack.  

Outsourcing is currently the most popular solution for Financial Services organisations when it comes to their cyber security operations (45%), compared with a hybrid approach (40%) or managing everything in-house (12%). 

The key reasons Financial Services organisations outsource are so they can respond to attacks quickly (46%), gain more control (40%) over their environment, and achieve better resilience (34%) against threat actors. 

  • Over a third (33%) of Financial Services organisations that outsource do not feel confident in their provider’s ability to act and respond to security incidences within 30 minutes of detection. 
  • A further 28% said their suppliers were escalating too many false positives, which can often occur with ‘out of the box’ set ups that are not efficiently tuned to the environment they’re monitoring. As a result, only 30% feel that they are resilient.  

The survey found that hybrid teams, rather than fully outsourced providers, more commonly provide CISOs and cyber security decision makers in the Financial Services sector with stronger accountability with agreed SLAs and KPIs (61% vs 53%), client-centric delivery by teams that care (50% vs 33%), good SLA response times (66% vs 58%) and the ability to respond to threats within 30-minutes (89% vs 67%).  

When asked what Financial Services organisations want from their providers, nearly half of those that currently outsource (49%) said they don’t have but desire flexible contracts that can adapt the scope of the original contract signing.  40% said that a key frustration was having to continually bolt on new service offerings to meet security needs.

This can restrict an organisation’s agility and make it difficult for them to rapidly respond to cyber threats as they evolve. With organisations locked into contracts that are not fit for purpose, this is putting them at greater risk of compromise.  

Rob Demain, CEO of e2e-assure, commented “With Financial Services organisations most commonly outsourcing their cyber security operations, but with almost half saying that they’re underperforming, it’s clear that there is a need for a critical shift to ensure cyber defence providers are meeting the needs of organisations in 2024.”

The majority (58%) of Financial Services organisations questioned said that they will either be looking for a hybrid solution to extend their current team when they next procure their security operations, or seek ‘specialist expertise’, it’s clear there is an appetite amongst cyber security professionals to pass on more responsibility.

With the findings highlighting the need for a shift in the service offerings from providers, five key themes emerged for cyber defence rejuvenation in 2024:   

1.    Providers will need to prove their value.

2.    Security teams will relinquish more control to trusted providers.

3.    Contracts will need to be more commercially flexible.

4.    Service and tooling flexibility is a priority for organisations.

5.    Quality cyber defence needs to become more accessible to organisations of all sizes.

To read e2e-assure's report which also reveals why providers are unfit for purpose, the top frustrations with outsourcing SOC-as-a-service, and how Financial Services can navigate the challenges of locked-in cyber contracts, Click Here

Image: Tero Vesalainen

You Might Also Read: 

Boards Need To Step Up Or Risk Cybersecurity Fines:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible


 

« Cyber Security Education From Childhood Is Becoming Vital
Navigating Cloud-Native Application Security With CWPP »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

Perimeter 81 / How to Select the Right ZTNA Solution

Perimeter 81 / How to Select the Right ZTNA Solution

Gartner insights into How to Select the Right ZTNA offering. Download this FREE report for a limited time only.

Trend Micro

Trend Micro

Trend Micro is a leader in hybrid cloud, endpoint, and network security solutions.

a1qa

a1qa

a1qa specializes in the delivery of full-cycle software QA and application testing services.

Aqua Security Software

Aqua Security Software

Aqua Security helps enterprises secure their cloud native applications from development to production, whether they run using containers, serverless, or virtual machines.

Thinkst Applied Research

Thinkst Applied Research

Thinkst is an Applied Research company with a deep focus on information security.

Untangle

Untangle

Untangle provides network security products designed specifically for the below-enterprise market, safeguarding businesses, home offices, nonprofits, schools and governmental organizations.

PhishX

PhishX

PhishX is a SaaS platform for security awareness that simulates Cyberthreats, train people, while measure and analysis results, reducing Cybersecurity risks for People and Companies.

Vijilan Security

Vijilan Security

Vijilan provides 24/7 SOC services to MSPs/VARs. Our Security Operations Center is global, and our services are exclusive to the Channel.

Presidio

Presidio

Presidio is a leading North American IT solutions provider focused on Digital Infrastructure, Business Analytics, Cloud, Security & Emerging solutions.

BridgingMinds Network

BridgingMinds Network

BridgingMinds Network is an industry leading best practices and IT security training provider in Singapore.

SIXGEN

SIXGEN

SIXGEN provides incident response, operational and penetration testing, red teaming, tool development, cyber training development and continuous monitoring.

Wisetek

Wisetek

Wisetek is a global provider of end-to-end IT Asset Disposition (ITAD), reuse and secure data destruction management services to the world’s leading IT Corporations, data centres and manufacturers.

Node4

Node4

Node4 provide advanced, cloud-led digital transformation solutions, delivered with technical expertise, innovation and exceptional service to drive your business forwards.

Clarabot Nano

Clarabot Nano

Nano is the secure file sharing tool to improve content search, data access and collaboration between multiple parties.

Bitdefender

Bitdefender

Bitdefender is a cybersecurity leader delivering best-in-class threat prevention, detection, and response solutions worldwide.

ThreatNix

ThreatNix

ThreatNix is a tight knit group of experienced security professionals who are committed to providing competent cybersecurity solutions that adhere to international standards.

Cypfer

Cypfer

CYPFER is a global market leader in ransomware post-breach remediation and cyber-attack first response.