A lack of a appropriate workforce with appropriate skills to improve cybersecurity defenses is leading many CISOs and CIOs to look outside their organizations for assistance. Businesses and healthcare suppliers are now increasingly hiring third party consultants and groups to provide cybersecurity services, according to a new report by Cybersecurity Ventures.
Cybersecurity attacks have risen by 48% over the last year and industry experts predict that the volume of security incidents will increase further still throughout 2015 and 2016. This is not an issue that will just go away. Improving cybersecurity defenses to avoid highly sophisticated attacks requires skilled staff, and with the complexity of attacks increasing there some urgency to address this.
The quarterly Cybersecurity Market Report shows that the increased risk of attack has led many businesses to create new roles for cybersecurity officers; however the dearth of skills has seen 209,000 of those cybersecurity jobs remain unfulfilled. Over the next three years, demand for skilled personnel is likely to rise further; exacerbating the current issue.
Unfortunately, the higher threat level means that positions cannot remain vacant for long. The only route available for many companies is to outsource the positions and recruit outside consultants to provide the security services required.
Time is pivotal when it comes to dealing with a data breach. Action needs to happen quickly, especially in heavily regulated industries such as the financial services and the healthcare if fines are to be prevented. It is therefore no surprise that healthcare providers are bringing in outside experts when they discover hackers or malicious insiders have accessed and copied Protected Health Information (PHI).
In recent times there has been an explosion in the number of cybersecurity suppliers. These companies can offer businesses – and healthcare providers – the services required to protect confidential data from external attacks, including developing customized solutions to lessen cybersecurity risk. Many of these firms are now specializing; dealing with the healthcare sector only or offering services exclusively to federal and government bodies.
One issue that is occurring across a number of sectors is the loss of trained employees. CISOs and CIOs are leaving their employers to set up their own private cybersecurity companies. Demand at an all-time high and a severe lack of staff with the appropriate talent and qualifications means there is considerable money to be made by going this route. Over the coming two years if the lack of personnel is not addressed, a great deal more security staff may break free and set up their own ventures compounding the current problem.
There are of course a number of benefits to outsourcing cybersecurity. By recruiting expert help, HIPAA covered bodies can ensure that risk assessments are conducted completely, all security vulnerabilities are addressed and a tailored action plan is put into action to address all security risks and minimize the probability of suffering a data breach.
Healthcare providers looking to introduce new technology systems must conduct a full and through risk assessment before the technology can be implemented to make sure that Protected Health Information (PHI) is properly secure (in accordance with the standards demanded by the Health Insurance Portability and Accountability Act.)
Each time new technology is introduced, staff need to be trained to run the new tech, or new staff must be hired. With the current pace of evolution in technology, systems often become obsolete very quickly and the whole process must start again. Outsourcing may cost more in the short term, but in the medium term savings care there to be seen.
However, unless the lack of staff is tackled nationally – HIPAA-covered entities may be left with no choice but to outsource to private cybersecurity companies, despite the cost. When the cost of a data violation is taken into consideration, outsourcing cybersecurity requirements to third party experts seems very cost effective by comparison.