As organizations struggle to staff their security teams amid budgets showing modest, if any, growth, managed security services are coming to the fore.
It's a confluence of events shaping up to make predictions from the likes of Gartner about increasing use of managed detection and response (MDR) services look prescient.
In a report published in early 2023, Gartner predicted that by 2025, now weeks away, "60% of organizations will be actively using remote threat disruption and containment capabilities delivered directly by MDR providers, up from 30% today."
The Cyber Skills Shortage
The rationale for such a prediction is not hard to understand. For one, the industry faces a well-documented shortage of security professionals. As Thompson Reuters reported in January:
"According to the Cybersecurity Workforce Study from ISC2, a nonprofit organization for cybersecurity professionals, the gap between the number of skilled cybersecurity staffers needed and the number available has risen 12.6% year over year worldwide. (...) Two-thirds of the cybersecurity professionals surveyed in the study, which was released in October, reported that their organization has a shortage of cybersecurity staff needed to prevent and troubleshoot security issues."
Should you succeed in finding qualified personnel, expect to pay them handsomely. A 2024 Forrester study found that organizations spend an average of $157,593 per cybersecurity employee. That number includes both full-time and other employees. The "contracted full-time employee equivalent (FTE)" price tag is even more, $194,613.
Security Budget Realities
Against that context, security budgets are seeing only relatively modest increases, according to a survey of 755 CISOs conducted in mid-2024 and reported in The National CIO Review.
"In 2024, budgets are projected to grow by 8%, a modest rise from 6% in 2023. While this shows improvement, it's well below the sharp increases of 16% and 17% seen in 2021 and 2022," the report says.
Not all industries are seeing budget increases. Sectors such as financial services and technology are experiencing single-digit security budget growth, but healthcare and business services sectors are showing a decline compared to 2023, the report said. This comes at a time when industries, including healthcare, are being targeted with ransomware and other cyber threats.
The net result is a significant skills gap at nearly all companies, according to the ISC2 survey.
"Among respondents to the survey, 92% reported skills gaps at their organization, a gap that includes cloud computing security. An inability to find people with the right skills, the struggle to keep employees who have those skills, and a shrinking hiring budget are the biggest causes cited for these skills gaps. Indeed, 54% of respondents said that the cybersecurity skills shortage situation has been getting worse in recent years," the study found.
The Case for Managed Security Services
Managed security service providers can fill the knowledge gaps at a predictable cost. While MSSPs likewise have to find qualified personnel, they tend to have a leg up. Given security is all they do, MSSPs are a natural landing spot for any professional interested in a security career.
Additionally, MSSPs tend to have well-defined training programs to constantly "skill-up" their employees in a way that's difficult for individual companies to emulate – given security is not their primary business. MSSPs also have all the required tools of the trade on which to train their employees. The best MSSPs have in-house research organizations, such as the Trustwave Spider Labs team, dedicated to finding the latest security threats.
So, by contracting with an MSSP for services such as MDR, organizations can insulate themselves from the security skills shortage, including the constant fear of turnover, and be privy to the most up-to-date security intelligence. At the same time, they'll gain access to a broad set of security skills that would be difficult, if not impossible from a financial perspective, to duplicate in-house.
To learn more, check out Trustwave MDR and the related Co-Managed SOC offerings, or talk to one of our experts. You'll soon understand why Gartner and others are so bullish on MDR and providers of managed security as a service.
