Cyber Security: Insourcing versus outsourcing

As cyber attacks continue to surge across Canada, organizations are continuously being challenged to mitigate complex cyber security risks.

In Canada, the average cost of a data breach for public-sector organizations has reached $2.8 million – and there are no signs of this slowing down as 2023 approaches.

Today, organizations are approaching managing cyber security in two ways.

The first is via cyber liability insurance. This insurance provides timely access to resources and guidance should a breach occur. As hackers are becoming increasingly sophisticated, organizations are transferring some of their risk to an insurer as a way to manage their risk tolerance.

The second is by creating and managing their own cyber security programs. For many organizations, standing up and managing a cyber security program often becomes a question of insourcing (‘doing it themselves’) or outsourcing (‘sourcing from some someone else’).

As organizations contemplate creating and managing their own cyber security programs, they should consider:

  • ‘True’ cost of delivery – in addition to purchasing hardware or software, what are the costs associated with designing, operating, managing and enhancing the service over its lifecycle?
  • Access to expertise – how accessible are resources and expertise? A single resource is unlikely to be able to do it all, and at all times.
  • Quality and time to value – how much time is needed to learn and hone a service so it can be delivered efficiently and effectively to users?

While there is no ‘one size fits all’ approach, the rapid evolution of the cyber security market is driving more organizations to consider alternative service delivery models – notably, managed services.

For more information on cyber security please contact danb [at] (Dan Blackburn), Senior Director of Growth and Innovation.