Internal IT departments in companies around the world are reaching a wall. The traditional model in which companies managed their digital security themselves is no longer working in the face of threat automation and increasing regulatory pressure. A recent international survey of more than 840 IT managers by WatchGuard Technologies shows that the problem is no longer a lack of risk awareness, but a physical shortage of manpower and operational limitations of internal structures.
The threat landscape has changed dramatically with the advent of AI-powered cyber attacks. As many as 91 per cent of executives participating in the survey see AI tools in the hands of hackers as a serious threat. The impact of this new wave can be seen in the statistics, according to which three quarters of companies have experienced at least one security incident in the past year. Classic defences are reaching their limits, as modern attacks are no longer single, manual intrusion attempts, but massive, high-frequency automated campaigns. More than half of organisations explicitly admit that they do not have the technical or human resources capacity to provide continuous network monitoring on a 24/7 basis.
The situation is further complicated by a tightening regulatory loop. Regulations such as RODO, ISO 27001 standards or the stringent requirements of the NIS2 directive have made compliance a key factor in the selection of technology providers. For many internal structures, this is an unbearable burden, especially in regions facing a deep staffing crisis. In Germany, for example, as many as 40 per cent of companies rate their IT teams as understaffed, placing this market among the top countries with the greatest shortage of specialists. Globally, two thirds of respondents indicate that they need external support to meet new regulations, procedures and documentation requirements.
These market tensions are setting a new course for capital flows and permanently changing the role of managed service providers (MSPs). Companies are increasingly willing to abandon standard, boxed solutions in favour of external strategic partners who take responsibility for security policy and risk management. Already, nearly half of organisations are relying on external support. What’s more, the market is showing a high degree of budget flexibility, with 44 per cent of respondents saying they are willing to pay more, as long as systems are equipped with artificial intelligence-based defence mechanisms, capable of autonomous, early incident response and reducing operational complexity.
As Joe Smolarski, CEO of WatchGuard Technologies, concludes, today’s cyber security crisis is not due to a lack of knowledge or competence, but a pure human capacity deficit. Business understands the risks very well, but does not have the physical capacity to respond with the speed and scale that modern threats require. For specialised security service providers, this is a watershed moment that permanently transforms them from technical subcontractors into key long-term business partners.
