Cyber Security: Outsource or In-house

Read time 4 mins

Written November 2020


We know Cyber-attacks are getting more sophisticated and frequent, but do we know the options available to protect our business against them?

We are constantly being told that the methods used to commit Cyber-attacks are rapidly evolving – and for good reason: because they are. Take the humble fish tank for example. Back in 2017, hackers tried to compromise a North American casino’s data via their lobby aquarium. This might not sound like the work of a criminal mastermind, but the perpetrator had good reason to target the tank: it was connected to the internet. Suddenly, businesses have become acutely aware that Cyber-attacks are not limited to desktops and laptops – fridges, thermostats, lights, security cameras…the list goes on, are all potential targets.

It’s a catch-22 situation for most businesses: they need technology to grow but the more they embrace it, the more they are exposed to the threat of Cybercrime. The sheer amount of technology in use – from cloud platforms to emerging tech like AI – is widening the surface area for potential attacks. Nearly a third of British businesses suffered a Cyber security breach last year. Combine this with the threat of fines for leaking customer data and it’s easy to see why Cyber security has moved towards the top of the organisational agenda.

Recognising the risk is one thing; taking necessary action to mitigate it requires a little more thought. A business’s options for approaching this fall into two categories: outsource or in-house. Choosing between using an external Cyber security provider or building an in-house team depends on factors like company size, amount of data and resource availability. So, how do they both compare against key consideration factors?


The costs of outsourcing cybersecurity requirements to a Managed Service Provider (MSP) are likely to be significantly lower than the costs of setting up, recruiting and managing an in-house team. Once you factor in the facilities, technologies, salaries, bonuses and training – which are taken care of by an MSP – the decision is almost made for you.

Technical skillset

As hackers accelerate attacks using increasingly sophisticated methods, businesses that want to improve their Cyber security require access to equally sophisticated skillsets. According to a recent study by Capgemini, however, the Cyber Security skills gap is a cavernous one: around seven in every ten businesses report high demand for cyber skills, while just four in ten have those skills present within the organisation already. Recent estimates suggest there will be a global shortage of around 3.5 million Cyber security professionals by 2021.

This lack of talent stretches the budget of businesses that build in-house teams to the limit because Cyber security professionals can command big salary’s when available. Outsourcing this requirement to an MSP solves this problem, as the relevant skills, experience and accreditation come as a part of the package.


Setting up a Cyber Security team in-house is not an overnight job. From finding, hiring and training talent to setting up the physical infrastructure and hardware, it’s a time-consuming process – a process that will have to be repeated if your business grows and the attack surface widens.

Yes, an outsourced provider must take the time to review your policies and understand your requirements, but they will take care of the tech selection and implementation – meaning Cyber security solutions can be deployed far quicker. An MSP is also well-placed to scale up or down in response to evolving threats, cyclical peaks of activity and the growth cycle of your business.


Management resources will feel the weight of in-house cybersecurity programmes. And while a CISO can help ease some of the pressure, management will still be heavily involved – from the HR programmes required to recruit and train team members to the financial planning required to operate this vital function.

Outsourcing removes the need for a significant management investment. The MSP will be accountable for the overall management of your Cyber security programme – freeing up resources that would otherwise be tied up dealing with day-to-day Cyber security workflows. So, they can focus on what really matters: growing your business.

Business needs

Step away from the computer – or the fridge, thermostat, lights, security cameras… – and other non-technical issues linked to Cyber security come to light: governance and compliance, policies, standard operating procedures, audits and people – a business’s biggest security risk. Not to mention the detrimental impact a potential Cyber-attack might have on the business: reputationally, financially and legally.

Unlike in-house teams, which typically focus on the technical – because that’s what they’ve been employed to do – an outsourced MSP recognises that Cyber security is a business risk issue, not just a technology issue. They can, therefore, act as an objective Cyber orchestrator – someone who is as adept at communicating and collaborating with different stakeholder as they are at managing the technical aspects of Cyber security.


Discover our Cyber Security services and how we could help protect your business.

Get In Touch