Considerations when Outsourcing IT and Cybersecurity Functions
The need for qualified professionals to handle cybersecurity for companies of all kinds has never been greater. As cyber criminals increase in numbers and in sophistication, organizations need to have defenses in place to protect their customers', employees' and firm's information. However, many companies don't have the necessary talent in-house to effectively fight cybersecurity attacks. To fill this gap, some companies are choosing to outsource their cybersecurity IT function.
When doing so, however, it's not enough to simply sign an agreement for third-party services - companies must ensure the service provider is actually proactively working to protect their data.
Understanding and Defining Cybersecurity Liability
Clearly defining liability and damages for breaches is a critical step that needs to be taken up front. Rebecca Eisner, partner at Mayer Brown in Chicago, stated in a CIO Magazine article:
Suppliers are understandably concerned about not paying damages that are disproportionate to the revenue received, and therefore seek to limit or disclaim their liability. Customers are equally concerned, particularly where suppliers do not have the same incentives to protect customer data as the customer, and because the negative impacts of a security incident are generally far more significant to the customer than to the supplier.
Companies entering into third-party service agreements need to understand, and be comfortable with, the risks assumed by each party.
It's not just the private sector focusing on cybersecurity. The need for an increased emphasis on cybersecurity professionals was included in recommendations President Obama's Commission on Enhancing National Cybersecurity made in a December 2016 report to the incoming Trump administration. In total, the report contained 16 specific recommendations and 53 associated action items, as organized around six major imperatives.
Cloud computing and storage adds an added level of complexity to outsourcing discussions, so firms must ensure their IT-service providers are prepared to combat cybersecurity on all fronts. If you're looking to outsource cybersecurity talent through a firm like Infinity Consulting Solutions, look for talent with the skills and experience you need to protect your company's most valuable information from cyber threats.
The Cybersecurity Skills Gap
Many firms choose to outsource their IT cybersecurity because they simply don't have the talent inside their organizations.
A July 2016 McAfee Study examined the shortage, concluding that organizations of all sizes and across industries need to be prepared to address threats that are changing in scope and sophistication. Unfortunately, the shortage of skilled cybersecurity IT professionals makes combating those risks an added challenge.
The challenge may be greatest for small- to mid-sized companies, simply because they lack the scope and resources to add dedicated IT personnel to their ranks. The study showed that more than 60% of businesses surveyed outsource some or all of their cybersecurity efforts, and that 55% of respondents believed they can effectively meet cybersecurity risk head-on by outsourcing certain tasks like intrusion detection, secure software development and attack mitigation to third parties.
The results of the study were sobering, as respondents reported more than 209,000 unfilled cybersecurity jobs in the United States in 2015. The problem isn't limited to the United States, however. Worldwide estimates are that there may be between one and two million unfilled cybersecurity positions around the globe by 2019.
Understand and Address Security Risks
The bottom line is that many firms will need to outsource cybersecurity and other IT responsibilities in order to proactively meet the challenge. Keeping security threats in mind as outsourcing decisions are made is critically important.
Firms should clearly understand how their sensitive information will be used, stored and protected by any third-party IT resources. Likewise, companies should review existing service agreements and processes to ensure threats and risks are adequately addressed.
Contact ICS for Outsourced IT and Cybersecurity Talent
If you are looking for help in sourcing the right IT and cybersecurity talent, Infinity Consulting Solutions can help. Contact ICS today to learn how we can help you protect your firm's, customers' and employees' information so you can focus on running your business.