The managed services industry has made a huge impact and is one of the more significant trends coming out of cybersecurity in the last few years. Managed services like MDR, MSSP, and similar offerings have come out as a response to the major shifts in cybersecurity. These include the quickly evolving threat landscape, an increased risk environment, and the cybersecurity talent gap. As a result, organizations are now looking for a cybersecurity partner that offers comprehensive cybersecurity services.
These managed services vary in what they do and the services they provide organizations. However, for the most part, they serve as outsourced cybersecurity teams, outsourced SOCs, and be a cybersecurity partner that can provide real-time detection and response services, and potentially aid in remediation and investigative efforts. Gartner® predicts that “by 2025, 50% of organizations will be using MDR services for threat monitoring, detection and response functions that offer threat containment and mitigation capabilities”¹. Frost and Sullivan has also predicted that by 2024, the MDR industry will hit revenues of $1.9B.
Despite the MDR sector being relatively new, it is maturing in key areas, particularly how it interacts with other elements of the cybersecurity industry and how it’s responding to market shifts. In this article, we’ll go over some major predictions for 2023, highlight key shifts in the MDR landscape, and help organizations refine their approach while they look for MDR services in the new year.
Cyber insurance and MDR will edge closer and closer together
MDR services and similar managed service providers provide a major benefit to organizations. Not only do they provide essentially detection and response services 24/7, minimizing the risk of a compromise and improving recovery and remediation efforts, but they also offer monitoring, security data analysis, and often provide additional telemetry or centralize telemetry sources.
The cyber insurance industry has noticed the information and analysis potential MDR partners provide to clients and is now involving themselves in multiple ways, so much so that Forrester predicts that “at least three cyber insurance companies will acquire a managed detection and response (MDR) provider”². In addition to new processes and tech cyber insurance providers are requiring companies to have, many of them are also requiring policyholders to have an MDR provider if they aren’t able to meet key requirements in-house.
Cyber insurance companies will also leverage the telemetry, attacker activity data, and other client-side information available from MDR providers to refine their underwriting guidelines, have a better understanding of their clients’ environments, and verify attestation. For cyber insurance policy holders, this may affect premiums, coverage and payouts.
Your move: If you have an MDR provider or are looking for one, make sure you understand whether or not your cyber insurance company will have access to the data an MDR provider collects and process, and how it will be used. Be specific in your communication to see if the information provided will affect coverage and payout — it might also be helpful to know whether you have any say or control over this as you may, for a variety of reasons, not want to share environment-related information with your cyber insurance provider.
More managed services will emerge and expand
As managed services continue to grow and the sector matures, we expect more types of managed services to emerge. These will likely be services that provide a different bundle of technologies such as MFA, data backups, and incident response, they may target specific audiences, such as SMBs or mid-market organizations, or they’ll be developed for specific verticals and industries
Expanded MDR services may include additional services and may even serve as fully functional, independently outsourced cybersecurity departments for a given organization.
Among these new services include Cybersecurity as a Services (CSaaS), Managed SecOps, External Attack Surface Management (EASM), MSOC, managed identity and access, managed data protection and cloud security services, and managed SIEM services.
Your move: As is often the case in cybersecurity, organizations have an abundance of choice when it comes to vendors and partners. That means companies need to do their due diligence and avoid following the marketing, the buzzwords, and the shiny new service.
Instead, cybersecurity leaders need to select their managed services based on what they need and what their organization can’t do internally. They may need to meet key cyber insurance or compliance requirements, support a department that isn’t trained for multi-cloud environment security, or they may just need detection and response support. Be strategic with your cybersecurity partners and try to avoid selecting managed services that aren’t comprehensive as you may fall into similar pitfalls as having too many tools or vendors.
Despite budget cuts, MDR will still be a priority
2023 is sure to bring a lot of uncertainty, particularly around budgets and spending, given fears of a recession and a continuation of the market downturn. Cybersecurity leaders are often already strapped for cash. With additional scrutiny around budgets, they will likely look to find new ways to cut costs and optimize spending.
However, despite what may seem like a trend towards smaller budgets, according to research from BCG that surveyed IT buyers, many actually expected to increase spending despite having fears of a recession. This spending is projected to increase across strategic areas like cybersecurity, cloud security, infrastructure, and analytics.
This means many cybersecurity and IT leaders will be looking to bolster their cybersecurity efforts, particularly in the cloud security space. This means that MDR services will likely be a hot commodity, which may shift market equilibrium and leave companies who aren’t investing in these services in a worse position.
Cybersecurity leaders make decisions based on the assumption that their competitors will be cutting their spending, will end up making strategic missteps and may end up having a less secure company compared to their peers.
Your move: As we’ve discussed, the use of MDR services will likely be the standard for many companies, especially as industry and audience-specific MDR services emerge. Given this likely reality, companies who don’t have these services are more likely to fall victim to a potential attack and face elevated risk compared to companies who have invested in MDR.
How orgs should move forward for 2023
Given these shifts in the MDR landscape, organizations should push forward and consider the following:
Getting an MDR sooner than later: It’s clear that organizations can benefit greatly from MDR services but as the industry matures, they may find themselves struggling to find the right MDR partners. As more and more cyber leaders commit to having stronger cyber resilience, they’ll crowd the market, snatching up effective partners and leaving laggards with minimal MDR options.
Talk to your cyber insurance provider: If you have cyber insurance (you should), make sure you know exactly how the information given by an MDR and other telemetry sources will be used by your cyber insurance provider. Having clear communication will help set expectations accordingly.
Don’t fall into a managed services trap: Effective MDR services should provide comprehensive services and be able to expand their offerings depending on what your organization needs. We recommend prioritizing having a single MDR provider instead of multiple point solutions that offer separate managed services for smaller tasks or separately bundled solutions. These likely will result in the same vendor complexity and overload issues that currently plague many security teams.
The advent of MDR and other managed services is poised to make a huge impact on organizations and vastly improve their overall cyber resilience and minimize damage cyber attacks can do. However, cybersecurity leaders still need to make informed decisions on how to approach working with an MDR provider. These landscape shifts will help leaders understand the nuances within the MDR industry and how it interacts with the shifting elements in cybersecurity. By having an understanding of these environmental shifts, cybersecurity leaders can help their organizations move even further with their cybersecurity efforts.
For a deeper dive on what's ahead for 2023, check our Cyber Intelligence Fusion Cell's (CIFC) Threat Assessment whitepaper.
Gartner® is a registered trademark and service mark of Gartner, Inc. and/or its affiliates in the U.S. and internationally and are used herein with permission. All rights reserved.
¹Gartner, Market Guide for Managed Detection and Response Services, Pete Shoard, Craig Lawson, Mitchell Schneider, John Collins, Mark Wah, Andrew Davies, 25 October 2021.
²Forrester blog: Predictions 2023: Security Pros Face Greater Internal Risks, by Heidi Shey, October 2022.