Businesses across the UK have criticised the security testing industry for being too expensive, with a new report highlighting that firms are spending more than £6.6bn annually protecting critical assets from cyberattacks.
Research from AVORD – a new security testing platform launched in January – puts the spotlight firmly on the security testing market, which the company says is dominated by consultancies that provide services to businesses, sometimes at twice the daily rate of an independent tester.
And with 77% of UK businesses claiming that testing is too expensive, AVORD says there is a clear demand for change.
The need to use external consultants is driven by the fact that only one in five (21%) UK businesses have sufficient in-house employee skills and knowledge to carry out security testing – most of which are major organisations with more than 750 employees. Looking at SMEs, the figure falls to just 1%, with businesses almost exclusively (95%) outsourcing the testing of security controls for their critical assets.
The challenges of security testing
Three in four businesses are currently initiating security testing to comply with organisational operating practices and standards, such as ISO27001, ITIL, ISF’s Standard of Good Practice for Information Security and public sector guidelines. However, most firms taking part in the study said that determining the risks associated with a sensitive data breach (72%) and cost (72%) were major challenges when it comes to conducting tests.
The complexities and lack of security testing knowledge were also cited as key issues, with seven in 10 revealing ‘identifying when in the development process to test’ and ‘what kind of testing was required’ as further challenges. As a result, more than three quarters of businesses (82%) are now outsourcing security testing on their critical assets at considerable expense.
A surge in cybercrime
Worryingly, 33% of UK businesses have battled an online security breach in the past 12 months, which has directly hit their bottom lines, lost them customers and damaged their brand reputations. Of those hit by a cyberattack, 95% reported that the breach occurred partly or totally as a result of issues with the security testing process.
Over the past five years the majority of companies have seen a major increase in the number of data breaches: a quarter reported an increase of between 10% and 20%, one in 10 reported an increase of between 30% and 40%, while more than half reported up to 10% more data breaches.
A new era in security testing
AVORD, which launches today, promises to slash the price of security testing and make it simpler and more accessible. Its free online platform will bring 1000s of highly qualified security testers together with businesses. The brainchild of two career security professionals, who have seen the market monopolised by major consultancies, it will enable companies to reduce their costs by 30% to 40%.
The unique online security testing platform cuts out the expensive middle men, ensuring that businesses of all sizes can protect their businesses against future threats. Free to use, AVORD provides automated scheduling and tracking of security tests, delivering an instant view of all tests across an estate through a fully interactive risk and reporting dashboard.
The new platform will also allow security testers to sign up for free, enabling them to stay independent and charge their normal day rates. They will, for the first time, have a place where they can receive contract offers from clients around the world who have specific requirements that match their skillset.
Brian Harrison, Founder and CEO of AVORD, said: “Quite simply, security testing has become too expensive for many UK businesses. Companies are struggling to cope with the ever-increasing threats impacting on their attempts to secure systems at current costs. Unless something changes, businesses will be forced to cut corners and this will inevitably mean there are more data breaches and system outages.
“AVORD has been designed to disrupt the current security testing model by cutting out the costly ‘middle-man’ consultancies and allows businesses to directly manage and engage security testers. This means that whereas industry currently pays up to £1,100 per day for cybersecurity testing, that cost will be reduced to approximately £600, collectively saving UK businesses around £3bn annually.”