
Opinion: Outsourcing cybersecurity in healthcare and the public sector

Dominic Carroll, Director of Portfolio at leading threat detection and response provider e2e-assure on how healthcare organisations and the wider public sector can ensure their cyber security operations are fit for the future…  

According to our recent study, ‘Outsourcing Cybersecurity in 2024’, 77% of healthcare organisations have experienced a cyberattack. Featuring input from 500 UK chief information security officers (CISOs) and senior security decision-makers from a variety of industries, the survey also found that only 13% of organisations describe their cybersecurity provider or in-house team as ‘exceeding expectations’. That is lower than the average across industries, including financial services, professional services and manufacturing, which sits at 16%.

As we look to the future of healthcare and observe the collaboration between local government and the wider public sector, it’s become more important than ever for organisations to reassess and strengthen their current cybersecurity defence strategies.  

The current state of the sector 

The key frustrations facing the healthcare industry and public sector are diverse, particularly considering local government’s role within the NHS and in improving outcomes in health and care. Some 33% of organisations reported a lack of proactivity from providers to fine-tune cyberalerts and protect environments, while 29% revealed long and complex contract terms were in place, leaving no room for flexibility. The cybersecurity needs of healthcare organisations are not being met: 31% say their provider or in-house team is underperforming and, as a result, they are looking to make changes to bring long-term efficiencies.

In response to the sector’s frustrations around proactivity and speed, there is a huge opportunity for outsourced cybersecurity providers to support organisations. It doesn’t come as a surprise that 52% say speed is a priority in making decisions around their cybersecurity environment. The biggest ‘don’t have but desire’ of organisations is real-time visibility of reporting dashboards, as confirmed by 55% of respondents. 

Flexible solutions vs locked-in contracts 

Having a flexible cybersecurity solution in place is integral for healthcare and public sector organisations in supporting them to scale their security services and adapt to their changing needs, as well as being able to evolve with cyberthreats as they develop over time. The top three outsourced operations are security operation centres (SOC as-a-service), threat detection and response, and end-to-end solutions. However, according to 50% of respondents, providers are not implementing proactive measures, such as threat hunting, which is the number one frustration. 

While SOC-as-a-service has seen exponential growth within the marketplace, organisations utilising this approach cited frustration around the continual barrier to bolt-on services (18%), not to mention that the speed and accuracy currently provided aren’t sufficient.

While for some, long contracts allow for predictable costs, they also restrict flexibility and agility over a contract term. This frustration has follow-on consequences, with organisations struggling to ensure that their cyberprovision continues to be fit for purpose over time. This is particularly relevant for healthcare and the public sector, as the ever-evolving threat landscape becomes increasingly sophisticated and takes advantage of any emerging vulnerabilities, such as an increasingly fraught workforce or inexperienced team members. Providers should be proactively offering clear roadmaps to evolve their customers’ security posture rather than issuing rigid, complicated contracts that busy healthcare and public sector staff don’t have the capacity to ponder. 

Looking at the future and long-term protection 

The need to demand more proactive, up-to-date and accurate reporting to drive quicker decision making is key for the sector. Speed and accuracy are everything in healthcare and public services. Too many false positive alerts, one of the top frustrations for sector CISOs, create a lack of clarity and delay the response, potentially adding to the seriousness of a cyberattack and further exacerbating the already dire burnout issue in the sector. Key processes that providers should be carrying out include continually validating analytics to ensure that threat data is accurate, tracking emerging threats and vulnerabilities using proactive measures such as detection surface validation, and intercepting and investigating any potential threats using attack disruption methodology.

Another area is the push for closer integration so providers can better understand an organisation’s environment and spearhead plans – we’ve seen a huge desire across healthcare and the public sector to either outsource or take a hybrid approach. Providers need to integrate more closely with internal teams, take on more responsibility and accountability, and make the time to truly understand customers’ environments. By spearheading cyberdefence roadmaps providers can lead CISOs in the sector through this ever-evolving landscape. 

The relentless pressure on the public sector and healthcare industry comes from all angles, including from the velocity of cyberattacks. To combat any threat to people’s personal health data, detection needs to be accurate and swift. The sector does not have the capacity to manage this, and so leaders and decision makers are relying heavily on outsourced or hybrid approaches. Ensuring providers are putting forward robust, flexible and highly effective cybersecurity offerings is fundamental for allowing organisations to thrive and present an unrivalled experience for people and their families.
