ESG's Christina Richmond discusses recent ESG Research on the drivers behind companies increasingly engaging cybersecurity services.
Read the related ESG Blog(s):
Christina: Hi, folks. In a recent ESG study on cybersecurity services, we discovered that complexity and compliance are two of the top drivers to cybersecurity services. So, given that we've moved a lot of our architecture to private and public cloud or multi-cloud and the fact that some of our architecture still lives on premises in our own data centers, which is hybrid, it causes complexity, and it challenges us to change how we secure these architectures.
And, in fact, it's broadened our attack surface quite a bit. Forty percent of our respondents say that they need advice on how to secure public, private, multi-cloud, and hybrid architectures. Compliance has long been a driver towards cybersecurity services for assessments and audits.
Thirty-five percent say that regulations specifically drive them to services. In addition, 24% of our respondents are saying that regulations have become untenable for their organizations to manage. What that means to me is that these regulations have become iterative. We no longer have just one set of standards that we're trying to adhere to, and we no longer have to do an audit once a year.
We have so many standards we have to adhere to, and we're doing these audits and pre-audit assessments on almost a monthly basis now. Organizations are asking for help from service providers to help them look at the entire regulatory food chain, if you will. Risk is another driver to cybersecurity services.
As the breach is proliferating, unabated, and the adversary continues to be ahead of us, the board of directors and executive teams are starting to understand that they can't just ask us a black and white question where they expect a binary answer to, "Are we secure?"
It's not a yes/no answer. So, they are becoming more involved in the cybersecurity program. They want to understand better how security works. And, you know, cyber program owners are inviting them in. While it may cause a bit more work, it's better to have that discussion. Forty-eight percent of our respondents are driven specifically to advisory services to get help on risk management, looking at how cyber risk fits into the overarching business risk strategy.
And then 54% tell us that they are looking specifically for help with tracking and looking at metrics around security risk management, and then how do they report that up to the board of directors and the executive team. I've mostly discussed advisory and implementation services, but other videos I have on ESG's website talk about managed detection and response and managed security services, MDR and MSF.
And from this same study, we know that 29% of our respondents are fatigued by alerts. There's too much alert noise for them to handle on their own, so they need help. And 22% lack the technical acumen to detect and respond to these alerts. So they're looking for these outsourcing services.
So check out those other videos as well. I'm Christina Richmond, and I'd love to hear from you about services. There's a lot more data in our recent cybersecurity services study, and I'd really be happy to discuss it.