A UK government report published last year found that 48% of organisations lacked the expertise to complete routine cyber security practices.
This includes an inability to protect against malware, set access controls and apply updates.
The report also found that 30% of organisations had skills gaps in more advanced areas, such as penetration testing, forensic analysis and security architecture. Almost as many (27%) have a skills gap when it comes to incident response.
At first glance, these figures are hard to believe. The importance of effective cyber security is discussed often, and the introduction of the GPDR (General Data Protection Regulation) created strict penalties for organisations that fail to protect themselves.
So why are organisations unable to address the fundamentals of cyber security? It turns out the solution isn’t as easy as you might think.
Where are all the cyber security experts?
When an organisation needs someone with a certain set of skills, it often hires a new employee.
In theory, this should be no different when it comes to cyber security. Whether it’s a top-level role, such as a CISO (chief information security officer), or a member of the IT team who takes on security-related tasks, there are plenty of job roles suited for varying levels of seniority and experience.
The problem is that there is a greater demand for cyber security experts than supply. Organisations are fighting over the same skilled professionals, which means professionals can command higher salaries.
This has inflated the economic value of cyber security skills and meant some smaller organisations simply cannot afford to bring in a new hire.
The alternative is to build an internal security team and encourage employees in security-adjacent roles, such as IT, to take cyber security training courses.
However, this will be a long-term project and could compromise the strength of your existing IT resources.
Moreover, you risk the possibility of treating cyber security as an IT issue and ignoring your other requirements.
For example, an IT expert may be comfortable implementing a Cloud database, but do they have the skills to draw up processes to ensure that employees configure it correctly?
To ensure that both human and technical aspects of cyber security are addressed, you must appoint someone who understands the full range of threats.
But if external candidates are hard to come by and internal training will take too long, what do you do?
The answer is Cyber Security as a Service.
What is Cyber Security as a Service?
Cyber Security as a Service enables organisations to outsource their defence measures to a third party.
Depending on the service, you’ll be assigned a team of experts to manage some or all of your technologies, processes and policies.
This is becoming an increasingly popular option. A recent Field Effect Software survey found that 27% of respondents are looking to outsource some or all of their cyber security operations.
By comparison, 24% said they are investing in ongoing cyber security education and 23% said they are increasing their IT or security budget.
Those considering an outsourced approach should take a look at our Cyber Security as a Service.
With this annual subscription service, our experts are on hand to advise you on the best way to protect your organisation.
Our experts will guide you through vulnerability scans, staff training and the creation of policies and procedures, which form the backbone of an effective security strategy.
They are also available to answer with any questions you have, helping you identify and resolve gaps and regularly checking on your progress.
You’ll also receive insurance cover for up to £500,000 – so you can be sure that no matter how severe the disruption, you’ll have the resources to respond and recover.