The cybersecurity industry is facing two major challenges: an increase in cybercrime and sophisticated attacks alongside a vast deficiency of cybersecurity practitioners to fill open positions. There are currently more than 4.7 million overall cybersecurity employees, with over 400,000 hired this year alone. Despite this hiring increase, recent data reveals a need for 3.4 million additional cybersecurity workers worldwide in order to effectively secure assets. Cybercrimes rose more than 600% over the last year, causing many organizations to increase their cybersecurity budgets with the goal of hiring even more security experts. In fact, the number of companies planning to expand their cybersecurity teams has grown from 51% in 2020 to nearly 75% this year. This combination of increased cyberattacks and insufficient staffing has left many companies unable to secure their systems with existing in-house resources.

Against a backdrop of global economic volatility, cybersecurity professionals are facing increasingly complex architecture environments, a rise in disparate cloud-based tools and systems, and persistent external threats and attacks. Additionally, the proliferation of emerging technologies like artificial intelligence and machine learning, big data analytics, threat intelligence and cutting-edge automation platforms are starting to necessitate specialized services that are most up to date on the newest advancements in security — something existing in-house teams may find harder to keep up with. The necessity to adapt cybersecurity knowledge in the face of technological advancements is being observed at the national level: the U.S. administration recently launched the 120-day Cybersecurity Apprenticeship Sprint, a program to help a wide array of young professionals gain skills in the field.

At the same time, the current state of cybersecurity employment is creating sizable barriers and roadblocks for many organizations. Across distributed workforce, hiring freezes and current market dynamics, the shortage of skilled IT/security professionals on staff and the inability to stay updated with the recent tools, technologies, and practices exacerbates corporate concerns.

The culmination of these factors has prompted an increasing number of organizations to turn to managed security service providers (MSSPs) or managed detection and response firms (MDRs) to handle their information Security Operations Center (SOC) needs.

Benefits and offerings of MSSPs & MDRs

A managed security service provider is an IT organization that delivers outsourced operating and alert monitoring of an organization’s systems and security devices through both software and services. MSSPs offer various security products and solutions to their clients ranging from device management, security training, and assessment services to incident detection and emergency response services. On the basis of their fundamental effects on security management, products and services can be classified into prevention, detection, and response. At Xerox, for example, Xerox IT Services Security can serve as an MSSP to help customers identify, assess and implement key security controls and provide IT leadership and guidance every step of the way.​ Its assessments offer​ hands-on technical​ validation of all security​ technologies within​ customers’ IT environments, including end user devices, servers, network, firewalls and other security devices. While MSSPs can be heavily automated services, MDR is human-operated, with live threat hunters monitoring customer networks in real time for signs of cyber intrusion and/or compromise.

For some companies, outsourcing these requests to managed providers can be more cost-effective than hiring an in-house security team — something more business leaders may consider due to recent economic volatility and talks of a potential recession. And while larger enterprise companies may benefit from managed services due to the likelihood of facing heightened and more targeted security threats against their network, small- to medium-sized businesses (SMBs) may find these services are the only alternative to building out a robust in-house team. MSSPs and MDRs can also be utilized in addition to an in-house security or IT team, taking the time-intensive work of activities like security monitoring or proactive threat hunting, detection and response off that team’s plate to enable them to focus on more core business functions.

Current market opportunities

According to latest reports, the MSSP services industry is entering a huge growth period. Valued at $23.19 billion in 2021, the market is expected to reach a $56.6 billion valuation by 2027. It’s estimated that approximately 30% of SMBs have not yet outsourced their IT management needs, suggesting strong growth potential for new client acquisition. Given the current cybersecurity job market and increasing cyber threats, it’s likely slower adopters will increasingly see value in engaging with MSSPs and begin to outsource these needs.

While already operating with a focus on utilizing and understanding advanced technologies, the industry is still ripe for new innovation. One of the biggest technology trends over the next few years across enterprise, midmarket and SMBs will be using hyperautomation (streamlining procedures by introducing automation on a larger scale through tools like artificial intelligence and machine learning) to address an entire system rather than just separate parts. Specifically to MSSPs, Gartner estimates the introduction of hyperautomation tools will lower operational costs by up to 30% in the next two years.

Successful managed providers will have to react quickly to emerging technological disruption to attract the best talent and retain customers, especially as more organizations migrate to cloud & multi-cloud services and experience those effects on their increasing on-premise maintenance and hardware sales (making scalability and security a major challenge). The MSSP industry is at an inflection point of accelerated digitization and adoption of new security tools, and we expect to see a rapid increase in emerging cybersecurity companies over the next decade that capitalize on the increased market demand as a result. As such, investors are moving to increasingly support security software startups, built around applications, data and identity, that have developed MSSP/MDR-centric capabilities, as evidenced by our recent investments in LimaCharlie and Anvilogic.

LimaCharlie

LimaCharlie is an Information Security Infrastructure-as-a-Service (SIaaS) developer and provider of general-purpose, component-driven, cloud-based information security tools and infrastructure. Similar to how Amazon Web Services or Google Cloud Platform deliver core components of IT, LimaCharlie offers a full stack of cloud-based information security tools through an infrastructure on-demand platform, lowering barriers to entry for new providers. By giving security teams full control over how they manage their security infrastructure, the company enables Enterprise and MSSPs to detect and respond to threats, automate processes, reduce vendor usage and future-proof security operations. This approach enables companies to access the precise capabilities they need and only pay for what they use, a model that has previously enabled cloud service providers to disrupt the traditional IT market. LimaCharlie also enables organizations to route their data at the event level, which means they can drastically reduce storage costs by only sending relevant data to high-cost security tools like Splunk, Elastic, Sumo Logic, or other SIEM and data analytics solutions.

Anvilogic

Anvilogic is a cloud-based automated Security Operations Center (SOC) platform that leverages the economic advantages of cloud data warehouses in comparison with legacy on-premises Security Information and Event Management (SIEM) solutions. However, legacy on-prem SIEM solutions are proving to be too rigid and expensive to maintain as security teams embrace cloud-based products and alert data volumes continue to grow. For data breaches and cybersecurity threats, SOC processes haven’t changed much in a decade. By leveraging a cloud data warehouse (e.g., Snowflake) instead, it is easier for organizations and MSSPs to scale storage at a predictable cost and centralize security data. With a cloud-data warehouse, security tools can also capture business data that can provide additional context. For instance, Anvilogic offers organizations a collaborative SOC content platform that sits on top of a cloud data warehouse and ingests signals across both security tools and SaaS apps, running security analytics across these sources to identify threats in real-time. By leveraging the economic advantages of cloud data warehouses, Anvilogic delivers high performance at a predictable cost. Companies like Anvilogic are making it simpler for security teams to correlate signals across their software stack and make the transition to cloud-native approaches to security, creating a modern, future-proof SOC.

Looking ahead

Today’s cybersecurity and economic environments are creating the perfect opportunity for increased MSSP & MDR growth and adoption. Over the coming years, we’ll see more organizations outsourcing significant portions of their security and IT tasks to these external teams, making this a great time for investors and entrepreneurs alike to focus on what tools they can build and support for the industry.