The black gold of the security industry

For the study "Managing Security in the Digital Era", PAC surveyed 200 leading IT and security experts from various industries across Europe about their experiences, objectives and challenges in working with MSSPs.

Slow implementation of EU requirements

Among other things, the study reveals a disturbing lack of awareness of the data protection implications of the EU General Data Protection Regulation (GDPR).

The GDPR creates the basis for a uniform approach to data security throughout Europe. European companies have until May 2018 to adapt their IT infrastructure to the provisions of the GDPR.

With just under a year to go, 69 percent of study participants cite cost savings and more than half (55 percent) cite automation of security operations as key goals for hiring a managed security services provider.

The compliance requirements imposed by the GDPR, on the other hand, were the decisive factor for only 20 percent of respondents.

Paul Fisher, Research Analyst and Cyber Security Lead at PAC, summarizes the situation as follows:

"The fact that the compliance aspect, especially with regard to the GDPR regulation, plays such a subordinate role among the study participants is cause for concern.

In my view, however, this is not because companies are burying their heads in the sand, but rather because they are not yet fully aware of the concrete implications and complexity of the new regulation.

In this context, many organizations may now be in dire need of outside help."

The study shows that it is essential for MSSPs to find, develop, and retain employees with appropriate IT security knowledge and skills in order to compete with vendors.

Nearly 70 percent of the companies surveyed said that the number of security experts a potential security services provider provides is an important selection criterion for them.

Pick-and-mix strategy

Working with MSSP is already standard practice for the majority of European companies when planning and implementing their IT security strategies.

More than 70 percent of respondents are satisfied with their current provider. If a change of service provider is planned, a lack of flexibility and know-how are cited as the main reasons for this decision.

According to the study, 31 percent of the companies surveyed are also planning to expand their IT security expertise in-house. In view of the rapidly changing requirements and the incalculable market conditions, providers must therefore not lose sight of their customers' needs and must position themselves accordingly.

John Madelin, CEO of premium sponsor Reliance ACSN, summarizes the situation as follows:

"The critical issue of cyber security is rapidly growing in importance. Moreover, the approach to the problem has never been more visible than it is today, which is partly due to the growing interest of management and partly to the increasing complexity of the business areas.

Interestingly, one finding of the study is that companies are considering bringing more operations back into the enterprise. Ultimately, the focus of companies must be on securing their sensitive data.

This requires a properly managed end-to-end security infrastructure: a challenge for internal IT departments trying to tackle the issue alone."