bridging the cybersecurity skills divide: the case for mssps

Bridging the cybersecurity skills divide: the case for MSSPs

By Kyle Pillay, Security as a Service Centre Manager at Datacentrix

JOHANNEBURG ' May 26, 2025 ' The global cybersecurity industry is facing a significant skills gap, with over 3.5 million positions remaining unfilled ' a shortfall that leaves businesses vulnerable to costly cyberattacks. In South Africa, this shortage is exacerbated by broader educational challenges, including literacy barriers in marginalised communities. Cybersecurity roles require a strong foundation in IT, and a deep understanding of how data moves, as well as its confidentiality, integrity and availability requirements. This complexity presents a challenge for many aspiring professionals.

At the same time, the increasing sophistication of cyberthreats has placed organisations at greater risk than ever before. Ransomware, phishing, social engineering and distributed denial of service (DDoS) attacks have all become more prevalent, while advancements in Artificial intelligence (AI) and the dark web are empowering cybercriminals, making traditional detection methods ineffective.

Against this background, the outsourcing of an organisations cybersecurity defences to a Managed Security Service Provider (MSSP) can offer a viable and cost-effective solution to these challenges.

A companys security posture directly affects its trustworthiness, so a security breach erodes customer trust and can result in severe financial and reputational damage. The rapid evolution of technology compounds this issue, with AI, the expansion of the internet and the increasing influence of the dark web presenting additional challenges.

The dark web operates beneath the visible internet and hosts AI-driven platforms for cybercriminals, enabling them to launch sophisticated attacks. Modern cyberthreats are no longer easily detectable through traditional means, and attackers use AI to evade detection by learning security thresholds, making brute-force attacks more effective over time.

As threats evolve, the demand for expert cybersecurity teams increases, yet the skills shortage leaves organisations dangerously exposed. In addition, the responsibilities of the team are extensive and growing.

For example, good cybersecurity governance is essential. Frameworks such as King III, King IV and King V all emphasise the need for accountability at the highest levels of an organisation. Despite these guidelines, 70 percent of organisations report being impacted by the skills shortage, leaving them vulnerable to breaches.

Without adequate security professionals, businesses find it difficult to identify attack surfaces, detect ransomware, mitigate financial fraud and comply with regulations like GDPR (General Data Protection Regulation) and POPIA (South Africas Protection of Personal Information Act).

Training programmes also struggle to keep pace with rapid developments. Cybersecurity certifications often require years of experience and continuous education. Certifications like Certified Information Systems Security Professional (CISSP) require a degree and at least three years of experience in multiple cybersecurity disciplines. Additionally, the evolving threat landscape means professionals must constantly renew their certifications and stay updated on new threats.

Another example of the requirement for cybersecurity manpower is the structured response that is needed when a cyber incident does occur. A war room should be immediately established to contain and isolate the threat, followed by eradication, remediation and recovery phases, plus a root cause analysis to prevent future incidents. Once again, compliance with regulations, such as POPIA, is essential.

Patch and vulnerability management is an added critical component of cybersecurity. Organisations must stay ahead of zero-day threats, update firmware and apply security patches regularly.

Building an in-house security team is costly. In fact, aside from having to invest in expensive security software and hardware solutions needed, including security orchestration, automation and response (SOAR), AI, machine learning (ML) and Extended Detection and Response (XDR), the deployment of multiple technologies requires hiring at least 12 specialised security experts, significantly increasing operational expenses.

The answer to this could be a consumption-based cybersecurity service, which offers fixed costs with predictable pricing. This approach removes the need to manage licensing, certifications and security staffing internally, and provides comprehensive protection through a service model tailored to business needs.