RH-ISAC’s 2018 Managed Security Service Provider (MSSP) Benchmark Survey Reveals Retail Industry CISOs Will Continue to Invest in Services

Increasing Challenges for In-House Talent a Concern

Date: August 21, 2018
Contact: RH-ISAC Press Office

Washington, D.C.—Organizations of different sizes show differing appetites for subscribing to and leveraging managed security service provider (MSSP) services. This is one of the key findings of the MSSP Benchmark Survey, conducted by the Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC).

More than 40 organizations participated in the survey. They reported that, because of increasing cost concerns and challenges with in-house talent, organizations are looking to outsource security functions to an MSSP instead of building in-house capability for monitoring events from IT infrastructure logs, firewalls and intrusion detection systems (IDS)/intrusion prevention systems (IPS). Participating companies spanned retail channels, including retail, restaurants, hotels, gaming properties, consumer financial services and consumer packaged goods.

“While retail and hospitality businesses may have similar transaction volumes as some of their banking counterparts, they typically have smaller information security teams and spend. We observe that CISOs from our retail clients are finding ways to do more with less, helping their organizations secure tomorrow’s growth in a world of shifting consumer expectations,” said Upen Sachdev, principal at Deloitte & Touche LLP.

Many participating organizations indicate that they are likely to increase spend or retain 2018 budgetary spend for MSSPs in the coming year.

Lauren Dana Rosenblatt, deputy chief information security officer (CISO) for the Estée Lauder Companies, said, “For CISOs and their teams, benchmarking metrics and information sharing with retail industry peers provides visibility and useful context to build confidence from a strategic perspective and situational awareness at a tactical level. Whether our focus is on strategic planning or assessing our cyber threat programs, sharing information is a critical step that can help influence how we evolve our abilities to better protect our consumers, employees and brands.”

Highlights from the RH-ISAC MSSP Survey report include:

  • Next generation CISOs are leading innovation.
    • Respondents are driving in-house focus on orchestration, dark web monitoring, and hunting while leaning on MSSPs to block and tackle.
  • The most frequently leveraged managed security service is log monitoring with nearly all respondents currently subscribing.
  • Budget and talent are still top problems.
    • 92% of respondents report that the cost of developing and maintaining in-house talent, and/or challenges attracting and retaining talent are top reasons for leveraging MSSP services.

“All companies, including retailers, need to constantly adapt to stay ahead of today’s cyber threats. Benchmarking with other companies plays an important role in enhancing our security program at Target, supporting our team’s continuous improvement and getting visibility into the state of the industry. Cyber security shouldn’t be considered a competitive advantage, but a collaborative effort. Each company’s willingness to actively share information is crucial; the more we share, the better we become at defending our companies and strengthening the capabilities of the retail industry,” said Rich Agostino, CISO, Target Corporation.

About the Report

The RH-ISAC member companies provide expertise for the development of retail benchmarking programs that meet the need for retail-focused data and demonstrate the impact of security activities on business revenue. By harnessing input from member contributors and insight from industry partners, the RH-ISAC’s goal is to produce a series of focused surveys that inform member-derived products built to serve as a CISO reference for retail, gaming, restaurants, hospitality and other consumer-facing businesses. The MSSP Benchmark Survey is the first in a series of surveys built to improve visibility, decision-making and prioritization abilities for CISOs.

RH-ISAC consulted Deloitte for its experience to develop the MSSP Survey of its members. The full 2018 Managed Security Service Provider (MSSP) Benchmark Survey report is available to RH-ISAC retail members. A white paper on the report is available to the public. For information about membership in the RH-ISAC, please contact Jennifer McGoldrick-Stenberg, Director of Membership & Operations.

About Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC), the Retail ISAC

The RH-ISAC is the trusted cybersecurity community for retailers, consumer products, grocers, hotels, gaming, restaurants, consumer financial services and cybersecurity industry partners worldwide. The RCISC supports its member base, representing more than $1 trillion in annual revenue, by serving as the conduit for collaboration, cooperation, and threat and best-practice sharing. Through building and sustaining valuable programs, partnerships, products and opportunities, the RH-ISAC enables its members to deepen their trust-based relationships, strategic knowledge and tactical capabilities. For more information on the RH-ISAC and how to join, visit Connect with us on Twitter and LinkedIn.
