Tuesday, 27 July 2021 21:59

Should organisations expand in-house teams or outsource their security?

By Aaron Bugal
Aaron Bugal, Global Solutions Engineer of APJ at Sophos Aaron Bugal, Global Solutions Engineer of APJ at Sophos

Guest Opinion: There has been an amplification of cybersecurity challenges sparked by the pandemic, and IT and cybersecurity teams have been at the forefront of organisational demands in almost every industry. With 57 per cent of Australian IT teams saying the number of cyberattacks have increased during 2020, cybersecurity should no longer be looked at as merely a risk management measure; it’s an essential part of any business strategy.

For those organisations reviewing or establishing a cybersecurity strategy, it’s important to consider whether in-house or outsourcing is best for your business. The ability to hunt for threats, detect unusual activity and respond to incidents is important in an effective strategy, but how do you know what approach is right for your business?

Regardless of your choice, IT security teams will continue to grow in size. According to Sophos’ ‘IT Security Team: 2021 and beyond’ report:

  • 70% of Australian organisations anticipate an increase in in-house IT security staff by 2023 and 79% by 2026.
  • 60% expect the number of outsourced IT security staff to grow by 2023 and 66% by 2026.

It’s not a matter of which approach is better, but which approach is a better fit for your business. Here’s what to consider.

Building an internal cybersecurity team

An in-house team will have a stronger understanding and deeper knowledge of the business as they understand the IT infrastructure and the day-to-day business operations. Internal teams also understand the unique culture of the business and are ready-armed knowing the values and goals of the business. This inherent knowledge allows informed decisions to ensure the business is protected without disruption. However, managing an in-house cybersecurity team requires a hefty amount of investment and oversight.

While having an in-house team of cybersecurity professionals may result in greater transparency and faster communication as it doesn’t involve a third party, there are downsides. IT security employees have the same rights as all other employees and it’s important to consider that sick leave and annual leave pose potential issues to achieve maximum productivity and efficiency – and continuity of protection.


Using external cybersecurity professionals

Outsourcing your cybersecurity requirements to a third party such as a managed threat response (MTR) service provider can provide your business with a fully managed service to deal with any cyber issues 24x7 365 days of the year. Not many organisations have the right tools, people, and processes to effectively provide active threat protection with their business needs. Having a managed threat responder can help businesses who lack the resources and knowledge to proactively hunt for threats, scope their severity, initiate action and provide actionable advice to address the root cause of incidents.

Although managed threat responders will do the work, the business ultimately owns the decision and decides what actions the team will take and how incidents are managed. It’s not solely left to tech either – solutions may fuse machine learning technology with human experts to provide further analysis for improved threat hunting.

Engaging an external cybersecurity team will also save you the hiring headache of having to find someone with the right skills especially considering sixty-three per cent of companies struggle to recruit candidates with the necessary skills. Add to this onboarding and training as well as ensuring these employees are staying on top of the ever-evolving threat landscape. Researching, acquiring and setting up cybersecurity software and hardware can be time-consuming. Identity security, compliance, documentation and analytics are some of the other aspects to be considered when managing an effective program.

Cybersecurity has always been important, however, the explosion of remote-working seen in 2020 was for many, the catalyst for business leaders to take action, with 70 per cent of Australian companies agreeing the outbreak of COVID-19 was the strongest catalyst for upgrading cybersecurity strategy and tools in the past 12 months. As organisations continue to build or adjust their cybersecurity strategy, it’s important to remember there is no “one size fits all” approach. Every organisation is unique and requires an individual approach to cybersecurity. The one thing that remains the same across the board is the need to continuously evaluate your strategy and make adjustments as required to ensure your level of protection is proportionate to your risk profile.

Subscribe to ITWIRE UPDATE Newsletter here


It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinatrs and campaigns and assassistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the iTWire.com site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News