Skip links

The problem with the insource-outsource cycle

To insource or to outsource? That is the question for many businesses and organisations when it comes to their cybersecurity. Many businesses lack the resources and knowledge to find a solution that works best for them, opting for whatever’s easiest in the short term without thinking about their long term strategy for protecting their data. Often, this has the effect of creating what we call the ‘insource-outsource cycle’.

So, what is the insource-outsource cycle?

The insource-outsource cycle is a trap that countless businesses fall into where they regularly shift between employing an in-house cybersecurity professional and an external third-party supplier. In essence, the insource-outsource cycle looks something like this:

What’s the problem with the insource-outsource cycle?

When a business is stuck in the insource-outsource cycle, it can be difficult for a business to achieve value purely because the issue ends up cycling between too complex and too expensive.

Just one of the issues with the cycle include the fact that it creates multiple types and sources of data. With this kind of ‘evolving’ data, it can be incredibly difficult to keep track of what is where and who is responsible for what, making compliance almost impossible.

So how do you decide what solution is best for your business?

Weighing up your options

 There are many factors to consider when choosing your cybersecurity solution, including cost, risk profile, skillsets, and availability. However, there is considerable argument for at least working with a third party supplier in some capacity. For example, the median UK salary for a Security Analyst is £34,392 according to, whereas a third-party cybersecurity specialist will be a fraction of this price. For some businesses, such as smaller organisations, this is a deal-breaker when it comes to their initial decision. Another consideration for smaller organisations is the fact that there are limitations to the skillset of an individual cybersecurity professional. Even if your in-house security team is incredibly knowledgeable, your business’s skill gap is only set to increase should they choose to move on. Working with a third party cybersecurity supplier, on the other hand, gives you access to a wealth of skills and knowledge. However, many businesses do receive value from having a dedicated security professional working on site whose only task is to protect their business’s online assets as it allows them to regain control over critical processes. So how can businesses make the most of the options afforded to them?

The solution to the insource-outsource cycle?

While many businesses are turning to insourcing as a solution to their cybersecurity problems, outsourcing has shown to be continuing as an overall growing trend. However, this doesn’t mean that eventually businesses will ditch their in-house resources for a purely external supplier – just that there is an increased recognition for a multi-faceted approach to cybersecurity. As threats become increasingly more complex, so must our approach to tackling them.

Collaboration and flexibility is key in this respect. In order to be truly effective in identifying and responding to threats, businesses need to be prepared to welcome new technologies and tactics that will allow them to address their needs. True value in cyber security comes from tuning the solution to the environment. This can prove time consuming and difficult, but if we see the industry continue on its current trajectory, it’s likely that we’ll see an emergence of new cybersecurity strategies that combine the flexibility and all-purpose approach of external providers with the control of internal resource.

Looking for the best solution for your business? Talk to a Falanx advisor today to find out more about what’s required to secure your business.


Leave a comment