New rules of engagement for next-gen managed IT security services

The trends towards outsourced cyber security have gained traction during the COVID-19 pandemic as companies have empowered remote working models and increased their emphasis on digital transformation. The ever-widening cyber security skills gap adds further power to the trend, where outsourcing what is considered a critical business function is vital. While the demand for next-gen managed IT security services is higher than it has been in recent years, there are new rules of engagement.

So says Charl Ueckermann, Group CEO at AVeS Cyber International.

“The South African economy shrunk by an annualised 51% in the second quarter, placing significant pressure on most businesses to cut costs. At the same time, cyber risks have increased amid the pandemic, as have governance risks, against the backdrop of the Protection of Personal Information Act. The shrinking economy places more pressure on budgets and is impacting outsourcing models as we know them.

“As we advance, we can expect to see not only the CIO involved in decision-making, but the CFO and the chief risk officer too. Companies that have their infrastructure, security and governance managed together in one service offering will find it easier to keep up with the ever-changing environment of cyber risk. Next-gen managed IT services will need to address risk management, governance and cyber security requirements while optimising operational costs. Outsourced partners need to be able to respond to this.”

Although cost control is a primary consideration in selecting an outsourced provider, Ueckermann cautions against basing the decision solely on who can offer services at the best price. Instead, care should be taken to choose a partner that has the capabilities to deliver on requirements reliably and cost-effectively. This way, managed IT services can give companies a competitive advantage.

A security study of South African companies by IBM revealed that on average, malicious or criminal attacks took 191 days to identify and 62 days to contain. Human error breaches took 164 days to identify and 40 days to contain, while system glitch breaches took 163 days to identify and 44 days to stop.

A sluggish response to incidents can cost companies in terms of loss of productivity and business continuity, as well as financially, as recovering from a significant breach often runs into millions of rands.

“Companies that have an effective team and mechanisms to investigate and contain events quickly are better positioned to recover, as well as limit the financial and reputational impact.

“With well-managed outsourced services that address cyber security, governance and risk management holistically, companies get more than just desktop support. They are incident-ready because the groundwork is done. This offers an edge in a market where few can tolerate downtime or the expense of an attack.”

References:

1. DONNELLY, L. (2020, 09 08). GDP drops an annualised 51% in second quarter. Retrieved from Business Live: https://www.businesslive.co.za/bd/economy/2020-09-08-sa-economy-shrinks-by-more-than-half-in-second-quarter/
2. Delport, J. (2020, 07 29). The Actual Cost of Data Breaches, According to IBM. Retrieved from IT News Africa: https://www.itnewsafrica.com/2020/07/the-actual-cost-of-data-breaches-according-to-ibm/#:~:text=Security%20breaches%20can%20cost%20South,to%20an%20IBM%20Security%20study.&text=The%20amount%20of%20lost%20or,a%209.35%25%20decrease%20from%202019