This blog is the fifth in a series that explores specific findings from Attackers Don’t Sleep, But Your Employees Need To, a Forrester Consulting study recently commissioned by Pondurance.
So many jobs, so few potential applicants. This is a challenge faced by organizations of all sizes looking to staff up their IT security team, but it’s an especially tough challenge for small and medium-size businesses (SMBs) who might find it difficult to compete with large enterprise salaries and job growth opportunities.
No surprise here – the cybersecurity skills shortage is daunting
An article in Bloomberg recently reported that there were 600,000 unfilled cybersecurity jobs in the U.S. Cybersecurity Ventures shared in a jobs report last November that the number of unfilled cybersecurity jobs grew 350%, from one million positions in 2013 to 3.5 million in 2021. In a press release announcing their findings, they stated “Despite industry-wide efforts to reduce the skills gap, the world’s open cybersecurity positions in 2021 is enough to fill 50 NFL stadiums.” Wow. That definitely helps to illustrate the staffing problem.
Cybersecurity skills generally come with pretty hefty salary requirements as well. According to the U.S. Bureau of Labor Statistics, the average salary of a security analyst is $102,600 per year. If you’re fortunate enough to have a Chief Information Security Officer (CISO) at the helm, you may be paying your CISO well over $200,000; Salary.com reports that the median salary for a CISO in the U.S. is $232,090.
Besides the staffing challenge, there’s the cost of developing or purchasing and maintaining the tools and technologies required to run a 24/7 security operations center (SOC), which should provide:
- Network security
- Log management
- Security information and event management (SIEM)
- Threat intelligence
- Endpoint detection and response (EDR)
- Security automation, orchestration and response (SOAR)
The composition of a SOC varies from organization to organization, so this list represents just a partial collection of the technologies that you might find in any given SOC. Not surprisingly, investing in the security technologies required to provide SOC capabilities can easily surpass a million dollars.
Fear of losing control holding you back?
If you’re a SMB, it’s helpful to think through these numbers – the costs of employing full-time security experts and building an in-house SOC – but sometimes it’s more complicated than just the dollars; sometimes it’s hard not to worry about losing control. Outsourcing almost any function in an organization can require a level of trust in a partner that can be difficult to muster, especially if you’ve ever had a bad experience with a service provider. We get it. But here’s the thing: All organizations need 24/7 protection, and if you can’t afford to do this internally or can’t find the necessary staffing skills, you’ve GOT to get help. (We made the case for this (hopefully!) in a previous blog.)
Fortunately, most SMBs seem to look favorably on partnering. In the recent Forrester Consulting study commissioned by Pondurance, Attackers Don’t Sleep, But Your Employees Need To, we found that 53% of SMBs surveyed are relying on external partners to help run their SOCs, specifically because they lack sufficient tooling and skills. Outsourcing is a great way to overcome any technology or staff limitations and the 232 IT and security professionals polled for the study indicated they are allocating 60% of their cybersecurity operations budget to managed and consulting services.
Collaboration with the right partners helps mitigate risk AND save big money
Finding the right security services partner will result not only in better protection for your organization, but it will also save you a lot of money. See that rough estimate above of >$2.2M (sans CISO)? If your organization partnered with Pondurance for 24/7 SOC services, you would pay a small fraction of this price for the skills and technologies required to keep you safe. Our managed detection and response (MDR) services also help you meet cyber insurance requirements for strong security controls, which can keep insurance rates lower.
When asked, “What are the most important drivers of engaging an external security operations partner?” respondents to the Forrester Consulting study cited the following:
These are excellent criteria for selecting the right outsourced security services provider. Here’s how Pondurance stacks up:
Better security through partnering offers so many advantages and should even be something that SMBs tout as a business advantage to their customers. Our Forrester Consulting study found that “Better security and privacy measures give customers a reason to prefer a firm over others; better security in products and services may warrant premium pricing; and empowering security employees with the right tools enables them to be more proactive and engaged.”
Around-the-clock cybersecurity requires the right staffing, skills, tools and technologies to address the cyberthreats that, like the darn COVID virus, keep morphing, changing and making it hard to keep up. For SMBs in particular, partnering with the right cybersecurity services partner can have a profound impact on the safety, security and bottom line of your business.
Join us for the webinar, Attackers Don’t Sleep, But Your Employees Need To, where we take a deeper look at the findings of this study with Pondurance Chief Strategy Officer, Lyndon Brown, and special guest speaker, Jeff Pollard, VP Principal Analyst, Forrester Research.