Why enterprises are massively subcontracting cybersecurity work

NewtonX market research this week revealed that 56% of organizations surveyed are subcontracting as much as 25% of their cybersecurity work. In the study, more than 100 information security executives, CTOs, and other senior decision makers tended to undercut one of the most critical roles constantly faced by business professionals.

“[Chief information security officers] and CIOs/CTOs find it extremely difficult to hire and retain qualified cyber security personnel. As a result, they are forced to look elsewhere for talent,” said Sascha Eder, co-founder and CEO of NewtonX. “A surprisingly large percentage – 56% – of organizations are tackling the recruitment crisis by subcontracting at least part of their cybersecurity team, most often to managed service providers.”

Despite the fundamental importance of cybersecurity, 40% of the organizations surveyed reported that cyber security costs account for 10% to 15% of their total IT budgets. Despite the dangers that data breaches pose, these percentages are in a consistent range, according to Eder. “The 10-15% range is in line with a Deloitte study that found that financial institutions spent about 10% of the total IT budget on cybersecurity,” he said.

In addition, as a general rule, Eder suggested that budgets growing to address the growing cyber security threat is more important than the size of the budget itself.

Supplementing overstretched IT teams

Standout budget headings include cyber surveillance/operations and endpoint and network security, which accounted for 50% of total cybersecurity budgets. Yet only two-thirds of respondents experienced increases in these budgets, ranging from as low as 5% to as high as 50%, while budgets for the remaining third stayed the same.

Based on facts and forecasts, this indicates that cybersecurity leaders still believe that budgets fall terribly short when it comes to the important task of controlling and preventing cyber attacks. Because of this, in an effort to avoid vulnerabilities, understaffed cybersecurity departments seek to subcontract as a means of supplementing their own cybersecurity teams.

VPN and DDoS attacks are expected to reach 11 million incidents by the end of 2021. Along with the second influx of cyber security gatekeepers and insufficient resources, these are all factors driving cybersecurity decision makers to choose managed service providers over internal IT teams. CrowdStrike, Palo Alto Networks and Microsoft were rated as the leading managed security cybersecurity providers in the NewtonX survey.

No budget for ransomware

Another reason why security administrators may lie awake at night is the lack of budget for ransomware. “An interesting insight for us was how divided people are on laws that limit ransomware payments,” explained Patiwat Panurach, VP of Strategic Insights and Analysis at NewtonX.

The survey showed that 39% of respondents agreed with the proposed legislation limiting or banning such payments, while 26% disagreed.

“It is therefore not surprising that 72% of companies surveyed do not even have a ransomware budget, which just shows how much uncertainty there is about the impact of such restrictions,” Panurach said.

Will legislators allow a ransom to be paid if the cost of not paying is a major, potentially politically damaging, disruption of high-profile services? Either way, companies should be more and more vigilant as the volume of attacks continues to rise.

