CGI recently partnered with Pierre Audoin Consultants (PAC) to study cybersecurity trends in the United Kingdom. A key question asked was this: “Is cybersecurity now too hard for enterprises?” Of more than 230 respondents from companies with 1,000 employees or more, just 21% reported they do all of their cyber work internally. Why only 21%?
There are two key reasons cybersecurity work is handled at least partially through external partners:
- Budget pressure – There is growing realization that specialist cyber services often are less expensive than in-house services.
- Talent shortage – The ability to find, hire and retain quality cyber talent is becoming a major challenge, especially for organizations that don’t have cybersecurity as part of their core business.
The cyber talent shortage is recognized globally, with several government organizations in the U.S., UK and other European countries creating policies to stimulate the growth of these skills at schools, universities and workplaces, spawning new courses, qualifications and accreditations.
With this talent shortage comes another challenge—retention. Organizations may succeed in hiring good people, but if cyber isn’t core to their business, they struggle to offer long-term career paths with the necessary development, training and variety required to keep these professionals challenged and satisfied. And even if they’re able to look after their cybersecurity people really well, the better they build their workforce, the more attractive those employees become to headhunters. The constant cycle of investing in people, only to see them transition out, can become very expensive.
Yet, inaction can lead to disastrous outcomes. With so much data online—including the extension of networks to the Internet of Things, the proliferation of mobile technologies and the expanded use of cloud—protecting our infrastructure, networks and data has become much more complicated. A strategy to hire more in-house experts to beef up the cybersecurity program in many cases is not sustainable.
The co-sourcing option
One solution is to co-source cybersecurity. In co-sourcing, your security provider works alongside your organization’s security team, supplementing skills, sharing insight and intelligence, developing trust and understanding what is really important to protect. Your organization gets to stay in control and gain from a wider and deeper pool of expertise. Perhaps most importantly, co-sourcing allows you to circumvent both the hiring process and ongoing training costs, taking the strain out of finding, onboarding and retaining increasingly scarce cyber skills.
You’ll find additional insight in this video, “How we beat the global cyber skills shortage.”