22 per cent of companies want to invest in outsourcing to MSPs and MSSPs

81 per cent of companies in Germany have been affected by at least one cyber security incident in the past two years, and more than half (65 per cent) have been affected by at least two. The majority (61 per cent) do not have the necessary expertise and tools internally to manage cyber security, which is why 58 per cent want to hire additional employees and some want to increase their investment in cyber security in general (35 per cent). 22 per cent even want to invest in outsourcing to MSPs and MSSPs. These are the findings of a recent Kaspersky survey.

According to the latest Kaspersky study, more than three quarters (81 per cent) of IT security experts have reported at least one IT security incident in the past two years, 65 per cent at least two. Almost half (45 per cent) of these were classified as “serious”, 16 per cent as “very serious”.

According to the IT security experts, reasons for cyber incidents include a lack of necessary threat detection tools (12 per cent) and a lack of internal IT security staff (16 per cent). To address these challenges, they want to acquire more tools for more effective cyber security management (38 per cent) and implement threat detection and prevention protocols (36 per cent). Furthermore:

• Invest more in cyber security in general (35 per cent)
• Offer more training to employees (35 per cent)
• Involve more external specialists (33 per cent).

Furthermore, almost half (43 per cent) plan to invest in outsourcing their cyber security in the next year and a half. A quarter (24 per cent) would like to use professional external services for this, while 22 per cent intend to outsource cyber security to MSPs/MSSPs.

The automation of cyber security processes is also playing an increasingly important role for companies. Almost half of companies in Germany (52 per cent) have concrete plans to implement software that automatically manages their cyber security. A further 16 per cent are discussing the introduction of such a solution.

“One of the most important measures that companies struggling with a lack of experts and overload can focus on is automation and outsourcing cybersecurity tasks,” explains Ivan Vassunov, VP Corporate Products at Kaspersky. “Relying on external experts – whether by outsourcing to manage the entire cybersecurity system or by taking on expert-level services to support the IT security department – is the optimal solution for many. Cybersecurity vendors, MSPs and MSSPs are the ones with the expertise and tools to effectively manage cybersecurity for clients of all sizes. They also offer a variety of services, such as Managed Detection and Response Services, where SOC experts provide continuous monitoring, as well as emergency support, such as investigating a specific incident. Automation tools provided by cybersecurity providers are another way in which a company can strengthen its cybersecurity. These include XDR and MDR solutions, for example, which use investigation and response playbooks and embedded AI to enable easy automation and empower customers and partners to automate their information security processes to a large extent. Given the offerings provided by experts, each organisation can determine the scope of services needed based on cybersecurity vulnerabilities or the desired direction of development.”

Kaspersky recommendations for internal lack of tools and expertise

A solution like Kaspersky Managed Detection and Response [2] increases an organisation’s overall level of protection by monitoring telemetry data from the IT network 24/7 and helping to develop internal processes and best practices while following incident response guidelines provided by Kaspersky experts.

Medium-sized organisations that do not have the budget to purchase some cybersecurity products or hire dedicated IT security experts should use an easy-to-manage solution such as Kaspersky Endpoint Security Cloud [3].

Cybersecurity training helps to update the skills and knowledge of IT security specialists so that they can protect the organisation. For example, Kaspersky Cybersecurity for IT [4] online training teaches IT administrators simple but effective IT security best practices and simple incident response scenarios. With Kaspersky Expert Training [5], security teams gain comprehensive expertise to manage threats and protect the organisation itself from complex attacks.

The full report on the human impact on corporate cyber security is available at https://www.kaspersky.com/blog/human-factor-360-report-2023/

• [1] https://www.kaspersky.com/blog/human-factor-360-report-2023/
• [2] https://www.kaspersky.de/enterprise-security/managed-detection-and-response
• [3] https://www.kaspersky.de/small-to-medium-business-security/cloud
• [4] https://academy.kaspersky.com/courses/cito-cybersecurity-for-it-online/
• [5] https://xtraining.kaspersky.com/