Three quarters of Healthcare organisations would relinquish control for quicker decision making on cyber threats, finds new report
February 2024 by e2e-assure
Three quarters (75%) of Healthcare organisations would relinquish some control to enable decisions to be made quicker by specialists on cyber threats, according to new research by Threat Detection and Response provider, e2e-assure.
Having a solid cyber security defence strategy is of urgent importance for Healthcare organisations, with e2e-assure’s study finding the vast majority of Healthcare organisations (77%) have experienced a cyber attack. Worryingly, only 13% describe their cyber security provider or in-house team as “exceeding expectations,” which is lower than the average across industries* at 16%.
Outsourcing is currently the most popular solution for Healthcare organisations when it comes to their cyber security operations (41%), compared with a hybrid approach (40%) or managing everything in-house (16%). This may change, as 31% believe their provider or in-house team is underperforming and are looking to make changes. Of those utilising SOC-as-a-Service, which is one of the top operations outsourced by the Healthcare sector, only 5% said their service “exceeds expectations.”
The research repeatedly reflects a strong trend from the Healthcare sector towards either relinquishing responsibility or working more closely with providers. Over a third (35%) of them are looking for a hybrid solution to extend their current teams. And aside from enabling decisions to be made quicker by specialists, 69% would relinquish some control to reduce the reliance on their teams and 67% to enable faster response times.
It comes as no surprise that speed is also essential – with 52% saying it’s a priority when it comes to making decisions around their cyber security environment. Control is the least important at 27%, again reflecting the trend that Healthcare organisations want to be able to rely on their providers.
However, when it comes to the use of threat intelligence, 40% are unconfident in threat intelligence to proactively detect threats and 31% are unconfident in their operation’s ability to respond to an alert/incident within 30 minutes.
The biggest “don’t have but desire” of Healthcare organisations is real-time visibility of reporting dashboards (55%) and around half (49%) don’t feel they have client-centric delivery teams who care. Therefore, before Healthcare organisations are going to pass over more control, providers need to build their trust and show that they “care” through closer collaboration and better understanding of the customer’s environment.
The biggest three frustrations include a lack of proactivity to fine tune alerts and protect environments (33%), long and complex contract terms (29%) and slow/poor communication with analysts and/or account managers (28%). There is a way to go before providers are supporting Healthcare organisations with the speed, proactivity and flexibility they need to tackle the onslaught of cyber attacks, exhausting an already over tired workforce.
Rob Demain, CEO of e2e-assure, said:
“Our study sets out to unveil the observations from CISOs and cyber security decision makers as to how their cyber security providers are performing, as criminals deploy increasingly advanced extortion techniques.
“With Healthcare organisations most commonly outsourcing their cyber security operations, but with almost half (49%) saying that don’t believe they have client-centric delivery teams who care, it’s clear that there is a need for a critical shift to ensure cyber defence providers are meeting the needs of organisations in 2024.”
With the findings highlighting the need for a shift in the service offerings from providers, five key themes emerged for cyber defence rejuvenation in 2024:
1. Providers will need to prove their value
2. Security teams will relinquish more control to trusted providers
3. Contracts will need to be more commercially flexible
4. Service and tooling flexibility is a priority for organisations
5. Quality cyber defence needs to become more accessible to organisations of all sizes