UK businesses increasingly outsourcing cybersecurity
.webp)
A recent survey commissioned by Logpoint indicates a significant trend towards outsourcing cybersecurity operations among UK businesses over the next two years.
The European Cybersecurity Sector 2024 report, based on a survey of 1,762 senior decision-makers and influencers, revealed that 52% of UK businesses currently use third-party services for security operations. A further 28% plan to follow suit in the coming years. Comparatively, in France, 24% of companies intend to switch from in-house to external support, while Germany sees a 27% anticipated shift. Meanwhile, in the Nordic region, this figure stands at 14%.
One driving factor for this move is the increasing difficulty in recruiting skilled cybersecurity professionals. The ISC2 2024 Cybersecurity Workforce Study highlights that the UK has the largest workforce gap in Europe, which grew by 27.1% last year, while the workforce simultaneously shrank by 4.9% due to layoffs and economic challenges. As a result, organisations are looking to Managed Security Service Providers (MSSPs) to fill this gap.
According to the survey, 60% of businesses relying on MSSPs cited missing internal skills and knowledge as their primary reason. Another 48% indicated they could not find qualified candidates to meet their security needs.
The shift to outsourcing is also influenced by regulatory compliance demands. With liability increasingly falling on individual board members and senior management, companies are turning to MSSPs to prove compliance with regulations like GDPR and NIS2. In the UK, 93% of organisations note this as the main reason for selecting an MSSP over in-house solutions.
Innes Muir, Regional Manager for MSSPs at Logpoint, stated, "The burden of regulatory compliance coupled with the onus being placed on individual members of the board and senior management is driving demand for MSSP services. Using a third party can provide the organisation with access to the latest technology and skilled experts but also enables them to prove compliance through tailored solutions that can meet the requirements of specific regulations such as GDPR and NIS2. Going forward, the expectation is that more regulations, such as the Cyber Security and Resilience Bill, will follow suit and make accountability part and parcel of risk management and incident reporting, further driving the shift to outsourcing."
Alongside regulatory considerations, MSSPs cited other motivations for outsourcing, including the overall security improvements provided by external services, access to expertise, and the round-the-clock availability of their services. Cost efficiencies and the provision of a centralised portal were noted as additional benefits. Importantly, predictable pricing was preferred over simply reducing costs, highlighting a priority on transparent financial planning during economic challenges.
When selecting security solutions, MSSPs consider the effectiveness of a solution in managing security incidents (63%) and its proven success (62%) as their primary criteria. Compliance with GDPR and other local regulations is also a significant consideration (61%). For those managing security in-house, compliance ranks third, following effectiveness and ease of integration.
Looking ahead, there is a growing interest in bundled offerings from cybersecurity vendors, with 94% of respondents expressing a preference for solutions aligned with a flagship platform. This reflects an increasing demand for integrated and comprehensive security services that accommodate compliance-specific needs, monitoring, and reporting.
