Companies in Saudi Arabia named the reasons to outsource cybersecurity functions

Kaspersky’s annual IT Security Economics report revealed that the complexity of cybersecurity solutions forced companies to outsource some functions to external InfoSec providers: they have more relevant expertise and can manage the technologies more efficiently than company employees.

A complex cybersecurity solution won’t guarantee the best protection without a competent specialist managing it. A company’s search for such qualified workers is complicated by the global shortage of experts in this field. This fact was illustrated by (ISC)² – an international, nonprofit membership association for information security leaders – who reported a 3.4 million-worker skills gap in the professional market in its 2022 Cybersecurity Workforce Study. This situation forced businesses outsource certain IT functions to managed service providers (MSP) or managed security service providers (MSSP) to get relevant expertise and up-skill teams.

Kaspersky’s research in Saudi Arabia conducted among IT decision makers found that 60% of SMBs and corporations said the most common reason to transfer certain IT security responsibilities to MSP/MSSP in 2022 was the shortage of IT employees. Among other most frequently mentioned reasons companies also named the efficiency in delivering cybersecurity solutions (57,1%), the need for specialist knowledge (57%), scalability (48,6%) and complexity of business processes (42,9%).

In regards to the cooperation with MSP/MSSP, 77.1% of companies in Saudi Arabia stated that they usually work with two or three providers, while 17.1% deal with more than four IT security service suppliers a year.

“External specialists can either manage all the cybersecurity processes in a company or just deal with separate tasks. It usually depends on the size of the organization, its maturity, and management’s desire to be involved in information security tasks. For some small and medium-sized companies it can be reasonable not to hire a full-time specialist and transfer some of his functions to MSP or MSSP as it will be more profitable in terms of cost and efficiency. For large corporations, outside specialists usually mean extra hands to help their own cybersecurity teams deal with a large volume of work. However, it is important to understand that in any case the company should have basic knowledge of information security to be able to assess the outsourcers’ work properly,” comments Konstantin Sapronov, Head of Global Emergency Response Team at Kaspersky.

To protect your company against sophisticated cyberattacks, even if it lacks security staff or internal specialists, Kaspersky recommends using managed protection services. Comprehensive Expert Trainings also help IT security specialists to maintain relevant skills and to be best prepared for the cyber threat landscape.