Lack of Skilled Staff Means Cybersecurity Services are Being Outsourced

by | Jun 11, 2015

A lack of a appropriate workforce with appropriate skills to improve cybersecurity defenses is leading many CISOs and CIOs to look outside their organizations for assistance. Businesses and healthcare suppliers are now increasingly hiring third party consultants and groups to provide cybersecurity services, according to a new report by Cybersecurity Ventures.

Cybersecurity attacks have risen by 48% over the last year and industry experts predict that the volume of security incidents will increase further still throughout 2015 and 2016. This is not an issue that will just go away. Improving cybersecurity defenses to avoid highly sophisticated attacks requires skilled staff, and with the complexity of attacks increasing there some urgency to address this.

The quarterly Cybersecurity Market Report shows that the increased risk of attack has led many businesses to create new roles for cybersecurity officers; however the dearth of skills has seen 209,000 of those cybersecurity jobs remain unfulfilled. Over the next three years, demand for skilled personnel is likely to rise further; exacerbating the current issue.

Unfortunately, the higher threat level means that positions cannot remain vacant for long. The only route available for many companies is to outsource the positions and recruit outside consultants to provide the security services required.

Time is pivotal when it comes to dealing with a data breach. Action needs to happen quickly, especially in heavily regulated industries such as the financial services and the healthcare if fines are to be prevented. It is therefore no surprise that healthcare providers are bringing in outside experts when they discover hackers or malicious insiders have accessed and copied Protected Health Information (PHI).

In recent times there has been an explosion in the number of cybersecurity suppliers. These companies can offer businesses – and healthcare providers – the services required to protect confidential data from external attacks, including developing customized solutions to lessen cybersecurity risk. Many of these firms are now specializing; dealing with the healthcare sector only or offering services exclusively to federal and government bodies.

One issue that is occurring across a number of sectors is the loss of trained employees. CISOs and CIOs are leaving their employers to set up their own private cybersecurity companies. Demand at an all-time high and a severe lack of staff with the appropriate talent and qualifications means there is considerable money to be made by going this route. Over the coming two years if the lack of personnel is not addressed, a great deal more security staff may break free and set up their own ventures compounding the current problem.

There are of course a number of benefits to outsourcing cybersecurity. By recruiting expert help, HIPAA covered bodies can ensure that risk assessments are conducted completely, all security vulnerabilities are addressed and a tailored action plan is put into action to address all security risks and minimize the probability of suffering a data breach.

Healthcare providers looking to introduce new technology systems must conduct a full and through risk assessment before the technology can be implemented to make sure that Protected Health Information (PHI) is properly secure (in accordance with the standards demanded by the Health Insurance Portability and Accountability Act.)

Each time new technology is introduced, staff need to be trained to run the new tech, or new staff must be hired. With the current pace of evolution in technology, systems often become obsolete very quickly and the whole process must start again. Outsourcing may cost more in the short term, but in the medium term savings care there to be seen.

However, unless the lack of staff is tackled nationally – HIPAA-covered entities may be left with no choice but to outsource to private cybersecurity companies, despite the cost. When the cost of a data violation is taken into consideration, outsourcing cybersecurity requirements to third party experts seems very cost effective by comparison.

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy