The majority of UK businesses intend to outsource their cybersecurity operations to a third party, a new survey has found. According to the poll of 1,762 C-suite executives by Logpoint, 28% of respondents are confident that their IT security team will belong to a third party – adding to the 52% of businesses in the UK that already outsource this function. By comparison, only 24% of firms in France and 27% of companies in Germany – both countries where the overwhelming majority of corporations keep their cybersecurity teams in-house – intend to outsource this function in the same period.

Logpoint’s regional manager for managed security service providers (MSSPs) Innes Muir blamed onerous compliance requirements for this UK corporate stampede to third-party providers. “Using a third party can provide the organisation with access to the latest technology and skilled experts but also enables them to prove compliance through tailored solutions that meet the requirements of specific regulations such as GDPR and NIS2,” said Muir. “Going forward, the expectation is that more regulations, such as the Cyber Security and Resilience Bill, will follow suit and make accountability part and parcel of risk management and incident reporting, further driving the shift to outsourcing.”

Enthusiasm for outsourcing cybersecurity function comes amid UK IT skills shortage

Not every respondent was keen on outsourcing. Reasons for keeping IT security teams under the company’s roof included the desire to retain an institutional memory for departments as the business changed. 60% of those who did wish to contract third-party providers, however, felt this well of internal skills and knowledge was missing. Another 48%, meanwhile, said that they were failing to recruit candidates with relevant skillsets – unsurprising, perhaps, given that demand for UK IT specialists has grown 27.1% this year despite the labour pool shrinking by 4.9%.

30% of respondents, meanwhile, were more interested in contracting third-party providers to divest themselves of what they perceived to be a growing compliance burden. The criteria for choosing an MSSP varied. Most cited the quality of the service (46%) as the primary reason why they chose their current IT security partner, with another 19% saying that it was down to the latter’s reputation. Only 12% said that the price of the services provided outweighed all other concerns. 

As far as choosing specific security solutions was concerned, respondents prioritised the raw ability of a given product to mitigate a breach (63%.) However, this was almost equally matched by considerations about its prior effectiveness (62%) and its utility in meeting compliance requirements (61%.) “This,” said Logpoint, “reflects the growing demand for solutions that not only comply but [also] offer compliance-specific monitoring and reporting.”

Read more: UKRI unveils CRANE NetworkPlus to enhance cybersecurity across key sectors