European businesses not seeking help from the security industry to comply with GDPR regulations
May 2017 by PAC - Pierre Audouin Consultants
European research conducted by PAC on behalf of Reliance acsn has outlined the challenges and concerns that security professionals across Europe are facing and how they approach the serious issue of outsourcing functions. One of the key findings of the report was that compliance and GDPR were not seen as important reasons for employing third party security firms, despite the need for detailed knowledge to comply with regulations.
With just over 12 months to go until GDPR becomes active, the research indicated very little awareness of how Managed Security Service Providers (MSSPs) could support businesses to comply with the EU legislation. Only 20% of respondents said it was a good reason to employ an MSSP, highlighting the need to educate businesses on the crucial role MSSPs can play in achieving compliance.
Other key findings from the research included:
• Key drivers of digital transformation – including cloud, mobility and IoT – are the biggest source of security concerns for European organisations. 50% of respondents see digital transformation in itself as a security risk
• Cost savings and efficiency dominate management thinking with 69% of respondents saying they were major goals of managed security service adoption
• The cyber security skills shortage is beginning to impact heavily on businesses’ decisions to use a MSSP, with 30% looking to gain access to expert analysis
John Madelin, CEO at Reliance acsn said: “Cybersecurity is a rapidly growing problem and a growing area of focus for the board. This report has shown that organisations are considering moving some operations in-house and that cost reductions are still the top driver for employing MSSPs, even in the face of major shifts, such as GDPR. Ultimately, organisations need to focus first on securing their critical assets and to do this properly a managed end-to-end security approach is needed. This is challenging to handle alone, not just for in-house IT departments but also for MSSPs. As a result we expect to see closer partnerships with our customers in a more integrated fashion in order to safeguard the business against cyber threats. ”
Paul Fisher, Research Analyst and Cyber Security Lead at PAC commented: “The fact that compliance and more especially, GDPR, has such a low priority among our respondents is worrying. I do not believe that they are burying their hands in the sand, more that the implications and complexity of GDPR compliance have not yet fully sunk in. It is an area that many organizations may now need urgent external help.”
The PAC research “Managing Security in the Digital Era” was conducted in February 2017 across: UK, France, Germany, Nordics, Ireland and the Netherlands. The field research questioned 200 CISCOs, CIOs, CTOs and other C-Suite professionals across manufacturing, retail, transport and services sectors.