Security outsourcing grows as CISOs face talent shortage
MASSACHUSETTS, UNITED STATES — As the global shortage of cybersecurity talent persists, chief information security officers (CISOs) are increasingly outsourcing key security functions to managed service providers.
With spending on security software and services outpacing staffing budgets, many organizations are shifting their focus from building in-house cybersecurity teams to leveraging external expertise.
According to Gartner, global spending on security services is projected to grow by 15.1%, reaching $212 billion next year. This trend reflects the ongoing struggle organizations face in hiring and retaining skilled cybersecurity professionals.
Demand for managed security services increases
The complexity of modern IT infrastructures, particularly the shift to hybrid and cloud environments since the COVID-19 pandemic, has fueled demand for managed security services.
Craig Robinson, IDC’s research vice president for security services, noted that these changes have expanded the attack surface, rendering traditional tools insufficient.
“Companies are faced with too many alerts, so taking advantage of outsourced technologies to handle functions such as managed detection and response [MDR] suddenly starts to make a lot of sense,” Robinson said.
A recent study by Foundry identified threat detection and response (24%), security awareness training (23%), and security operations (23%) as the top functions being outsourced by CISOs over the next 12 months. Additionally, 82% of surveyed CISOs plan to outsource at least one security function within the coming year.
Cost efficiency and round-the-clock coverage drive outsourcing
For many CISOs, outsourcing provides access to specialized skills while offering cost-effective solutions for 24/7 coverage.
“Relying on greater automation and taking advantage of managed security services makes it easier to get the most efficient use of in-house staff,” Robinson explained.
Madelein van der Hout, a senior analyst at Forrester, emphasized that outsourcing allows organizations to dynamically adjust talent needs throughout different project phases—something that can be costly and difficult to achieve internally.
With increasing regulatory pressures and rapidly evolving cybersecurity threats, outsourcing has become a critical strategy for CISOs who want to maintain robust defenses while effectively managing costs.
Cybersecurity outsourcing budgets on the rise
Forrester’s latest cybersecurity benchmarks survey revealed that outsourcing now accounts for 18.1% of cybersecurity budgets. Smaller businesses tend to allocate a higher percentage of their budgets toward outsourcing compared to larger enterprises.
As companies continue navigating budget constraints and staffing challenges, this trend is expected to accelerate in the coming years.
