Most businesses rely on technology vendors and solution providers for at least 20 percent of their cybersecurity needs, and those who rely on them most will most likely go to them for more, according to the results of Cisco's 10th annual report on cybersecurity.

That's one of several findings from the report that indicate a robust market for security services.

It's not the only recent research that has heralded the market potential for security services. Last month,
Markets and Markets said the managed security services market is expected to nearly double between 2016 and 2020, from $17 billion last year to $33.7 billion, for a combined annual growth rate of 14.6
percent.

In addition, Cisco found that most companies call on more than five security vendors and have more than five security products, indicating how multifaceted the security industry has become.

Because cybersecurity is multifaceted, with businesses having to protect such areas as data, endpoints, networks and applications, a business must take a broader approach to protecting their infrastructures, says Carl Gersh, director of sales and marketing at Forthright Technology Partners, a solution provider based in Miramar, Fla.

Beyond the tools, businesses must have strong security policies in place for their workers to guard against the opening of a new vulnerability, otherwise, "you have a key under the mat" that will be exposed, Gersh told ITBestOfBreed.

The market opens up opportunities for solution providers, Dave Gronner, a senior manager with Cisco's Global Partner Organization, said in a statement.

"In today’s cyber security landscape, channel partners are playing a more crucial role in providing a first line of defense against cyber attackers than ever before," he said. As hackers across the globe have become more sophisticated, partners have realized the need to work with both customers and each other … to best address and thwart cyberattacks."

If you provide security services, here are four findings from the Cisco report you need to know:

NOT ENOUGH MONEY OR TALENT? The top constraints to adopting advanced security products and solutions are budget (cited by 35 percent of the respondents), product compatibility (28 percent), certification (25 percent), and talent (25 percent).

TOO MANY ALERTS, TOO LITTLE TIME OR RESOURCES. Due to various constraints, organizations can investigate only 56 percent of the security alerts they receive on a given day. Half of the investigated alerts (28 percent) are deemed legitimate; and less than half (46 percent) of those legitimate alerts are remediated. In addition, 44 percent of security operations managers see more than 5,000 security alerts per day.

THE PROBLEM OF THIRD-PARTY CLOUD APPS. Twenty-seven percent of connected third-party cloud applications introduced by employees into enterprise environments in 2016 posed high security risks. Open authentication (OAuth) connections touch the corporate infrastructure and can communicate freely with corporate cloud and software-as-a-service (SaaS) platforms after users grant access.

THE OUTSOURCING OPTION. Organizations recognize that they have to be creative to move beyond the constraints of talent, technology compatibility and budget. One strategy is to adopt outsourced services to strengthen the budget and also tap into talent that may not be in-house. Last year, 51 percent of security professionals outsourced advice and consulting, while 45 percent outsourced incident response. Meanwhile, 52 percent said they outsource services to save costs, while 48 percent said they do so to obtain unbiased insights.