Skip to main content

Woburn, MA – February 23, 2023 – Kaspersky’s annual IT Security Economics report has revealed that, due to the complex nature of mature cybersecurity solutions, many companies have begun to outsource some functions to external InfoSec providers as they have more relevant expertise and can manage the technologies more efficiently than internal employees.

A complex cybersecurity solution won’t guarantee the best protection without a competent specialist managing it. A company’s search for these qualified individuals is complicated by the global shortage of experts in this field. This fact was quantified by (ISC)² who reported a 3.4 million-worker skills gap in the professional market in its 2022 Cybersecurity Workforce Study. As a result, businesses are outsourcing certain IT functions to managed service providers (MSP) or managed security service providers (MSSP) to get relevant expertise and up-skill teams.

Kaspersky’s global research conducted among IT decision-makers found that 58% of SMBs and corporations in North America said the most common reason to transfer certain IT security responsibilities to a MSP or MSSP in 2022 was the efficiency external specialists provided. Companies also named a shortage of IT employees (55%), the complexity of business processes (50%), the need for of specialist knowledge (47%) and compliance requirements (43%) as additional reasons for outsourcing IT security tasks.

“External specialists like MSPs and MSSPs can either manage all of the cybersecurity needs in a company or only focus on specific tasks. Their involvement usually depends on the size of the organization, its maturity, and management’s desire to be involved in information security tasks,” said Konstantin Sapronov, head of global Emergency Response Team at Kaspersky. “For small and medium-sized companies, it is reasonable not to hire a full-time specialist and transfer some of his functions to MSP or MSSP as it will be more profitable in terms of cost and efficiency. For large corporations, outside specialists usually mean extra hands to help their own cybersecurity teams deal with a large volume of work. However, it is important to understand that in any case the company should have basic knowledge of information security to be able to assess the outsourcers’ work properly.”

To protect your company against sophisticated cyberattacks, particularly if it lacks security staff or internal specialists, Kaspersky recommends using managed protection services. Comprehensive Expert trainings also help IT security specialists to maintain relevant skills and to be best prepared for the cyber threat landscape.

For additional insights about IT security costs and budgets in businesses in 2022, please visit the interactive IT Security Calculator. The full report “IT Security Economics 2022” is available to download here.

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 240,000 corporate clients protect what matters most to them. Learn more at

Media Contact:

Cassandra Faro



Kaspersky finds companies outsource external experts as they manage cybersecurity solutions more efficiently

Kaspersky Logo