Cybersecurity incidents have risen by 48% over the course of the previous 12 months and industry experts predict that the volume of security incidents will rise further still throughout 2015 and 2016. This is not a problem that will just go away. Improving cybersecurity defenses to resist highly sophisticated attacks requires skilled staff, and with the complexity of attacks increasing there is no time to lose.
The quarterly Cybersecurity Market Report indicates that the increased risk of attack has led many businesses to create new positions for cybersecurity officers; however, the dearth of talent has seen 209,000 of those cybersecurity jobs remain unfilled. Over the next three years, demand for skilled personnel is likely to increase further, exacerbating the current problem.
Unfortunately, the elevated threat level means that positions cannot remain unfilled for long. The only option available for many companies is to outsource the positions and recruit outside experts to provide the security services required.
Time is critical when it comes to dealing with a data breach. Action needs to be taken fast, especially in heavily regulated industries such as financial services and healthcare, if fines are to be avoided. It is therefore no surprise that healthcare providers in particular are bringing in the experts when they discover hackers or malicious insiders have accessed and copied Protected Health Information (PHI).
In recent years there has been an explosion in the number of cybersecurity firms. These companies can offer businesses – and healthcare providers – the services needed to protect confidential data from external attacks, including developing customized solutions to minimize cybersecurity risk. Many of these firms are now specializing, dealing with the healthcare industry only or offering services exclusively to federal and government agencies.
Huge Demand Has Led Many CISOs and CIOs to Set up Cybersecurity Firms
One problem that is occurring across a number of industries is the loss of trained staff. CISOs and CIOs are leaving their employers to set up their own private cybersecurity firms. With demand at an all-time high and a severe lack of staff with the appropriate skills and qualifications, there is considerable money to be made by going private. Over the coming two years, if the lack of personnel is not addressed, a great deal more security staff may break free and set up their own ventures, compounding the current problem.
There are of course a number of advantages to outsourcing cybersecurity. By recruiting expert help, HIPAA covered entities can ensure that risk assessments are conducted thoroughly, all security vulnerabilities are addressed and a tailored action plan is implemented to address all security risks and minimize the probability of suffering a data breach.
Healthcare providers looking to introduce new technology must conduct a full and thorough risk assessment before the technology can be used to make sure that Protected Health Information (PHI) is properly safeguarded (in accordance with the standards demanded by the Health Insurance Portability and Accountability Act).
Every time new technology is introduced, staff need to be trained to run the new tech, or new staff must be recruited. With the current pace of advances in technology, systems often become obsolete very quickly and the whole process must start again. Outsourcing may cost more in the short term, but in the medium term savings can certainly be made.
However, unless the lack of staff is addressed – on a national level – HIPAA-covered entities may be left with no choice but to outsource to private cybersecurity companies, regardless of the cost. When the cost of a data breach is taken into consideration, outsourcing cybersecurity requirements to third-party experts seems very cheap by comparison.