Why outsourcing cybersecurity makes budgetary sense

Rick Jones, CEO and Co-Founder of DigitalXRAID, discusses how working with third parties can bolster organisations' security postures and ensure ROI on cyber investment

The past year has shown that the threat landscape is only going to get more dangerous. Breaches are becoming more frequent, targeted and sophisticated, with small businesses and large organisations alike at risk of falling victim to a cyberattack.

As we enter 2023, UK enterprises are facing what could potentially be a two-year recession. Increasingly challenging economic conditions mean less resource and tighter budgets could well force enterprises into a vulnerable position where they are unable to invest in greater cybersecurity protection. Simultaneously, the commercialisation of hacking is likely to generate more attacks and the strengthening of the ransomware market will result in more services being sold to lesser established groups. In this climate, a shift in cyber strategies is needed and outsourcing may well be the answer for organisations feeling the bite of financial constraints.

EXPANDING THREAT LANDSCAPE
The global cyber skills gap is widening, with 2.7 million open positions worldwide. Organisations are consequently struggling to recruit the new talent they need and face the internal challenge of staff churn, as security professionals have a plethora of alternative roles to transfer to. At the same time, cyberattacks are becoming more sophisticated. We saw throughout 2022 how timing has become a key factor in the destructiveness of breaches. Attacks launched ahead of holidays and quiet periods - such as the recent attack on The Guardian - when IT and security staff are less likely to be working have enabled threat actors to exfiltrate larger quantities of data and cause greater disruption to business operations.

In addition, 2023 is likely to bring new forms of attack as technologies develop. For example, businesses are relying more and more on IoT (Internet of Things), especially now we find ourselves in the era of 5G. It's going to take time for organisations to discover all the associated vulnerabilities, as newly introduced regulation gradually takes effect. Weak IoT security may therefore become a backdoor for bad actors to leverage, in order to breach 5G networks or move laterally to internal servers.

To mitigate these increasing cyber risks, organisations are increasingly looking to renew and secure cyber insurance. Soaring premiums, however, are a trend that will continue this year, making it difficult, if not impossible, for small and medium-sized enterprises (SMEs) to obtain cover in an unstable marketplace. In fact, over half of SMEs saw their cyber insurance premiums rise in 2022.

PROACTIVE VS REACTIVE
Taken together, the challenges facing organisations and their cybersecurity are immense. In order to effectively solve these, a change of tack is required. Many businesses are still treating cybersecurity reactively - improving and investing in their cyber hygiene and security posture after being breached. Yet the financial and emotional impacts of a data breach are significant. Financially, many organisations in the current economic climate would not recover and, emotionally, security professionals are being pushed to the brink. Proactivity, rather than reactivity, is therefore crucial.

Proactively identifying vulnerabilities and mitigating against threats can better protect organisations and staff, and should be a priority in any cyber strategy. Furthermore, companies looking to reduce their cyber insurance premiums in 2023 will need to demonstrate a proactive security-first culture, such as regular staff training initiatives and threat-hunting capabilities.

However, improvements are hard to make when already overwhelmed security teams are constantly firefighting vulnerabilities across their organisations. Businesses are therefore caught between a rock and a hard place: how can cybersecurity protection be bolstered within budget, but without the manpower to manage it? Turning to external cybersecurity experts is now becoming an increasingly popular option for businesses that lack in-house resource and need to ensure return on investment (ROI) on their cyber spend.

BENEFIT VS COST
Although cybersecurity is likely to still receive investment from the board in 2023, challenging economic times will mean CISOs and security leaders will face intense scrutiny from stakeholders over how their budget is allocated. Organisations will therefore likely be questioning benefit versus cost when service outsourcing is suggested.

When it comes to cybersecurity, however, it is more cost effective to work with a third party. Setting up a Security Operations Centre (SOC) in-house, for example, would set organisations back by £500,000 on average and the skills gap will still represent a significant challenge.

An outsourced SOC guarantees 24/7/365 threat monitoring, detection and remediation capabilities, and provides organisations with the aggregate value of experienced cybersecurity professionals who have extensive knowledge of the threatscape. And as the average cost of a data breach now totals £3.6 million, and fines issued by the Information Commissioner's Office more than tripled in 2022, the cost of inadequate cyber hygiene is simply not worth it.

Outsourcing SOC services also frees up in-house staff who are increasingly frustrated, overworked and burnt-out. Rather than dedicating significant portions of their day to data analysis and manual reporting - with teams now spending 59% of their time on these tasks - security professionals can focus on higher-value tasks to protect their organisation. Or, as outsourced teams take responsibility for threat detection, the internal workforce can turn attention to upskilling, digital transformation and growing business capabilities.

Finally, by working with experts to reduce risk and improve security posture, cyber insurance, too, becomes a more affordable option. Managed Security Service Providers (MSSPs) will undoubtedly be able to identify the best ways for an organisation to comply with insurer requirements and become a more attractive, risk-averse customer. They can even work closely with insurers to take actionable steps in boosting an organisation's cyber hygiene before policies are finalised. A SOC plays a key part here, as an insurer will have far more confidence providing cover for enterprises that can prove protection every day of the year.

LOOKING AHEAD
The economic and cyber climate is going to be increasingly challenging for all organisations throughout 2023. Cybercriminals are only becoming more organised and sophisticated, and it will be extremely difficult for businesses to effectively protect themselves operating solely with under-resourced in-house capabilities.

Outsourcing is therefore an excellent option to provide reassurance to teams and stakeholders that an organisation is protected all year round. And support from third-party cybersecurity experts makes budgetary sense for several reasons: working with an outsourced SOC ensures round-the-clock threat monitoring, relieves pressures from overwhelmed in-house professionals and demonstrates crucial proactivity to insurers for those looking at investing in cyber cover.

Outsourcing cybersecurity also provides the financial and emotional peace of mind that business and security leaders are looking for, guaranteeing vital ROI as we enter an economically turbulent year.