Companies are increasingly strengthening themselves with external expertise. The current study shows that 46 percent of companies are already using Cyber Security as a Service (CSaaS), and another 35 percent are in the process of implementing it. The key reason is 24/7 monitoring and therefore more protection for the company.
Cybersecurity has become a critical success factor for companies in recent years. The advancing digital transformation, increasing networking of IT infrastructures and the constant professionalization of cybercrime offer attackers good conditions to identify new attack vectors and attack companies.
With the help of external support from Cyber Security as a Service (CSaaS), companies can outsource a significant part of their cybersecurity and optimize and modernize existing IT infrastructure protection. As part of a study commissioned by Techconsult, Sophos examined the extent to which companies are already using these options and why they decide for or against them. 200 IT managers and decision-makers from German companies with 100 to 999 employees and from various industries were surveyed.
Banks and insurance companies in particular rely on cyber security as a service
67 percent of the companies surveyed were victims of cyber attacks in the past 24 months. Through Cyber Security as a Service, companies can not only protect their IT infrastructure reactively, but also proactively against possible attacks. For example, proactive threat hunting is an optimal complement to technical IT security measures. It turns out that numerous companies are already taking advantage of this service model. 46 percent of the companies surveyed are already using CSaaS, with this proportion being particularly pronounced among banks and insurance companies (71 percent). Additionally, companies with between 500 and 999 employees (51 percent) are more likely to use CSaaS compared to companies with between 100 and 249 employees (45 percent).
More than a third of the companies surveyed (35 percent) are currently implementing CSaaS, and another 13 percent are planning to use it in the next 12 months. It is clear here that many companies are actively investing in modernizing their IT security infrastructures.
One in four companies implemented CSaaS after a security incident
Different factors are crucial when making a decision about the use of security services. The main reasons that companies cite for using or planning to implement CSaaS are the possibility of 24/7 monitoring. For over 45 percent of the IT managers surveyed, this is the decisive factor.
The increasing complexity of IT security risks is an important reason for 41 percent of companies to use CSaaS. IT infrastructures are confronted with increasingly complex security gaps and attacks and have to deal with them. This inevitably leads to the need for preventative IT security strategies, which 40 percent of the IT managers surveyed also cited as a reason for CSaaS. This is where a change from reactive security approaches to a proactive approach becomes visible. Through proactive threat hunting, companies can often prevent security breaches before they actually occur; For 35 percent of companies, rapid reactions to security incidents are therefore crucial, and 35 percent would like to relieve the burden on their own IT department (35 percent).
In addition, one in four companies surveyed (25 percent) implemented CSaaS after a specific security incident. As a result, 70 percent of these companies saw a significant improvement in their IT security and have not identified any further security incidents since then. Further evidence that external cyber security services can protect against security incidents and support and complement internal teams.
But not everyone is convinced
Despite all the possible positive effects of using CSaaS, some companies are still hesitant to purchase an additional IT security service from an external service provider. The reasons for this are of different nature.
Of the companies surveyed that do not use CSaaS, 43 percent cite an already comprehensively secured IT infrastructure as the reason. A further 36 percent see no added value compared to their existing infrastructure, while 36 percent also express concerns about a high level of dependence on external service providers.
More at Sophos.com
About Sophos More than 100 million users in 150 countries trust Sophos. We offer the best protection against complex IT threats and data loss. Our comprehensive security solutions are easy to deploy, use and manage. They offer the lowest total cost of ownership in the industry. Sophos offers award-winning encryption solutions, security solutions for endpoints, networks, mobile devices, email and the web. In addition, there is support from SophosLabs, our worldwide network of our own analysis centers. The Sophos headquarters are in Boston, USA and Oxford, UK.