Cybercriminals are relentlessly hacking websites to attack unsuspecting visitors, breaking into databases to steal customer information and trade secrets, and infiltrating executives' PCs to filch financial-account information.
Typically, only the largest of companies can afford an in-house security team with the tools and expertise to defend them in this kind of cyber war. Other firms, experts say, are now largely outgunned.
That's why a growing number of smaller companies are outsourcing the job to so-called managed security services providers. They offer state-of-the-art technologies and seasoned security pros at affordable prices because they spread the costs across many clients. Indeed, small- and medium-sized companies are expected to drive a near doubling in spending on managed-security services to $14.9 billion in 2015 from $8 billion in 2011, according to Stamford, Conn.-based research firm Gartner Inc.
Related: What to Do If Your Business Gets Hacked
Should you jump on the bandwagon?
Turning over computer security to an outside firm makes many managers nervous because they must give up direct control of critical systems. But doing so typically brings better security at a lower cost, industry watchers say.
Even if you can afford to hire your own security staff, it could be a challenge. "Security is so hot that good people are hard to find, and they're expensive," says Edward S. Ferrara, a security and risk analyst at Forrester Research. "So even if you wanted to build an organization [to provide your security], it would be hard to do that."
Security-service firms, however, have office parks full of experts. They likely employ people who have worked with other companies in your industry facing similar risks and challenges.
With these outside experts, you pay for only as much service as you require rather than the ongoing costs of a full-time staff and equipment. The size of your bill is typically determined by the number of computers and other devices being monitored or some other measure of the volume of work involved. For a small business, such flexible pricing is often appealing because expenses can grow or shrink along with your business.
Beyond potential financial benefits, security-service firms also can help small businesses focus on running their companies, says Ferrara. "If you make lawn mowers, make lawn mowers. Don't fiddle around with information security."
How to choose a provider.
A dizzying number of companies provide managed security services, including such giants as IBM, Hewlett-Packard and Verizon. You'll probably want to select a company with technology that can meet your specific security needs and provide a responsive support team. If you handle financial or medical data, the provider also should help you comply with data-security regulations.
If you're planning to outsource all your basic security needs -- including the defense of your network and the devices on it and the filtering of your email for spam, scams and malware -- you'll probably want to consider one of the soup-to-nuts services. Some of these companies offer cloud services that monitor your systems by running your traffic through their data centers before it comes to you. Some install equipment on your network that sends data to them for analysis and investigation. And others combine in-house and cloud technologies.
Among the companies serving small businesses are security-software giants such as Symantec Corp. and McAfee Inc. There are also a slew of specialized service providers to choose from, including Solutionary Inc., Perimeter E-Security and Dell's SecureWorks Inc.
If you're primarily concerned about securing your website, you might consider a new breed of startups offering specialized technology to sites of all sizes. CloudFlare Inc. and Incapusla Inc. can block security threats to sites while boosting site speed and performance.
Dasient Inc. can help keep malicious programs and ads off your site. And firms such as Prolexic Technologies defend sites from so-called denial of service attacks, or floods of bogus traffic that make a site unavailable to visitors.
You don't have to fend off cybercriminals all by yourself. There are plenty of services that can give your company effective protection at a reasonable cost.