Compliance and Cybersecurity Markets Explode

Ben Trowbridge

Terror, anxiety, bewilderment, and even boredom. These are the range of emotions many executives feel when they sit down to discuss their organization’s cybersecurity and compliance strategies. Then the realities of their budget and competing priorities kick in, and often the result, even after a significant industry breach, is that they give faint attention to meaningful cybersecurity improvements. But now a new trend is emerging: the client’s power to demand that their vendors achieve minimum compliance and cybersecurity standards. The hidden hand of the need to win versus the fear of loss creates a new and powerful force that will drive a lot of investment. ROI has finally arrived in cybersecurity and compliance, driven by the pressure of revenue growth.

Compliance and its various certifications, such as SOC 2, CMMC, and others, used to be the domain of larger companies whose overall financial audit required them to complete a certification as part of assuring that the proper controls, tools, and oversight were in place. But supply chain risk has radically increased the number of companies that need to meet a compliance certification. The lever used to enforce compliance is a host of accessible, pre-configured third-party risk management (TPRM) platforms. That, in turn, is causing a massive uptick in the need for more cost-effective compliance certifications across a range of companies that, until a few months ago, would not have even remotely considered obtaining a certification, and, as a knock-on effect, a significant increase in cybersecurity improvements.

Five clear trends are driving change in the cybersecurity and compliance market that present opportunity for early adopters and risks for cheerful followers.

Trend 1: Technology op-ex, as well as cybersecurity op-ex, is skyrocketing

CXOs have historically managed to keep technology spending down to 2-5% of operational costs (although spending in the banking and healthcare industries has been higher). The rapid adoption of cloud services and other technology outsourcing trends may have reduced or flattened capital budgets for IT, but it has had the opposite effect on op-ex. At the same time, the need to improve the underlying technology platforms and infrastructure on which compliance and cybersecurity depend has led to vast increases in spending and to continuous, ongoing evaluations of organizations’ compliance and cybersecurity health. The net result of these changes will be that the total IT budget, including gray spending inside business units, will increase total technology costs ahead of inflation.

Companies/Sub-Markets to watch:
  • Enterprise platform services to manage Oracle, Salesforce, and SAP enablement and cloud migration
  • CASB and architecture management managed services
  • Cloud enablement to AWS, Azure, and other platforms by integrators with a managed services emphasis
  • SD/LAN and service providers that can control all end-points
  • Managed services provider consolidation and morphing into cloud enablement providers

Don’t be surprised if the continued move to cloud ramps up your tech operating budget to 5-12% of total op-ex, with cloud, compliance, and security making up a large proportion of the increase.

Trend 2: Taking third-party vendor risk management to the next level

For years, clients have sought to manage their vendors more effectively across various requirements, including cybersecurity supply chain risk. As the risk of supply chain threats has grown, a massive amount of VC investment has been going into building out next-generation third-party vendor risk management and GRC software platforms. These platforms mostly come pre-configured and continuously monitor tier 1 and tier 2 vendors’ compliance and control frameworks and certifications. Unlike the old-school platforms that are complex to install and maintain, the new platforms come out of the box with feeds and APIs that allow almost continuous compliance management and double-checking that your vendors have appropriate controls and meet compliance standards such as SOC 2. Now that these platforms enable clients, a broad group of vendors can be required to certify that they also maintain a comprehensive series of controls and processes. This subtle change in the market is the hidden hand driving the rise of compliance and certification platforms and of cybersecurity services that demonstrate controls.

Companies/Sub-Markets to watch:
  • IT Vendor Risk Management: ProcessUnity, SAI360, OneTrust, MetricStream, ServiceNow, Venminder, Prevalent, and others
  • Governance Risk Management: Galvanize, ServiceNow, Riskonnect, LogicManager

This is mostly net new budget spend that will be justified by reduced third-party risk, particularly in cybersecurity.

Trend 3: The rise of the compliance and certification platform

Driven by the rise of the TPRM platforms and the need to secure their enterprises, companies of all sizes increasingly need to obtain and maintain compliance across a range of frameworks and standards. Because more of their clients are beginning to manage risk through their TPRM platforms, an ever-increasing volume of small and medium businesses need to obtain a SOC 2 at lightning speed on a tight budget. The need for a platform with prebuilt frameworks and security controls has developed. The range of certifications includes compliance standards such as SOC, FedRAMP, PCI, HIPAA, GDPR, ISO, HITRUST, and the new player CMMC, rolling out in 2021. Innovative enterprises, from the small and panicking through to the large with complex compliance certification maintenance needs (and, by extension, the need to monitor their vendor ecosystem’s cybersecurity environment), are rapidly adopting these platforms. Once the platform is implemented, they pay a monthly subscription on a 1-3 year contract, and most of their controls update automatically, providing continuous compliance. If you are a really small company, you can get a SOC 2 done pretty quickly, as the platform will fill out most of the forms, provide you with control documentation, and essentially do the SOC 2 preparation for you. Using these platforms is better for almost every business but gets more challenging if you are a mid-size company with many offices handling sensitive client data. There seems to be a land grab in this space right now, which will be interesting to watch.

Companies/Sub-Markets to watch:
  • Sub-Markets: SOC 2 and CMMC, plus a range of other certifications, which third-party risk management and GRC platforms have made easy for clients to demand
  • Companies: Tugboat Logic, Drata, Secureframe, Vanta, and a …
