Raytheon/Ponemon survey confirms companies wait until an event to hire a data security vendor

Linn Freedman
Robinson+Cole Data Privacy + Security Insider
Contact
LinkedIn
Facebook
X
Send
Embed

The results of a Raytheon commissioned Ponemon study released on June 7, 2016 shows that at least two-thirds of businesses wait until they have experienced a cyber-attack or data breach to hire and retain security vendors to help.

That statistic is consistent with this writer’s experience.

The survey, entitled “Don’t Wait: The Evolution of Proactive Threat Hunting,” included responses from 1,784 information security professionals in 19 countries on when they outsource network security activities. It also outlines factors important for success, barriers IT departments experience and challenges with retaining outside data security vendors.

According to the survey, fifty-six percent of respondent use managed security services (MSS) and twenty-two percent said they planned to engage an MSS in the future. Eighty percent “view MSS as essential, very important or important to their overall IT security strategy. Further, fifty-seven percent of the respondents said they rely on providers as they did not have adequate in house capabilities. Unfortunately, 84 percent of the respondents said that the MSS providers do not offer “proactive hunting services” and 80 percent stated that they need to update their IT strategies.

Other findings include that 54 percent of the respondents stated that their MSS provider found software exploitation more than three months old on their network, and that insufficient personnel and lack of expertise are challenges to implement a robust cybersecurity program.

Not surprisingly, the survey shows that sixty-five percent of the respondents “believe their MSSP leverages insight gained from monitoring a large number of security events from a global customer base: …and more than half say it effectively mitigates the risks after they are identified.”

Gaining insight from professionals who are seeing threats and responses through the lens of multiple incidents is insightful and essential to a cybersecurity risk management program. The point of the survey is to show that companies are still slow to outsource data security help until after an event, which is too late.

[View source.]

Send Print Report

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Robinson+Cole Data Privacy + Security Insider
Contact
more
less

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
Sign Up Log in
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide