The results of a Raytheon commissioned Ponemon study released on June 7, 2016, shows that at least two-thirds of businesses wait until they have experienced a cyber-attack or data breach to hire and retain security vendors to help.

That statistic is consistent with this writer’s experience.

The survey, entitled “Don’t Wait: The Evolution of Proactive Threat Hunting,” included responses from 1,784 information security professionals in 19 countries on when they outsource network security activities. It also outlines factors important for success, barriers IT departments experience and challenges with retaining outside data security vendors.

According to the survey, 56 percent of respondent use managed security services (MSS) and 22 percent said they planned to engage an MSS in the future. 80 percent “view MSS as essential, very important or important to their overall IT security strategy. Further, 57 percent of the respondents said they rely on providers as they did not have adequate in house capabilities. Unfortunately, 84 percent of the respondents said that the MSS providers do not offer “proactive hunting services” and 80 percent stated that they need to update their IT strategies.

Other findings include that 54 percent of the respondents stated that their MSS provider found software exploitation more than three months old on their network, and that insufficient personnel and lack of expertise are challenges to implement a robust cybersecurity program.

Not surprisingly, the survey shows that 65 percent of the respondents “believe their MSSP leverages insight gained from monitoring a large number of security events from a global customer base: …and more than half say it effectively mitigates the risks after they are identified.”

Gaining insight from professionals who are seeing threats and responses through the lens of multiple incidents is insightful and essential to a cybersecurity risk management program. The point of the survey is to show that companies are still slow to outsource data security help until after an event, which is too late.