When U.S. News and World Report reviewed the 10 best technology jobs for 2017, a career in information security analysis ranked seventh on its list. For good reason: Cybercrime now costs the U.S. economy more than $100 billion a year and organizations are keen to hire the best talent that money can buy. In fact, the median annual salary for these positions is $90,000 – and even higher in tech meccas such as San Francisco and New York City.

Unfortunately, another reason that salaries are so high is that the supply is so low.

When it comes to cybersecurity, there are more than 200,000 , a number that’s expected to climb to 1.5 million by 2019. Organizations continue to struggle to hire additional staff for cybersecurity analytics and operations, two job functions that are increasingly vital in cyberdefense. Other high-value skills are also in critically short supply, such as intrusion detection, secure software development and attack mitigation.

Since the talent shortage is likely to linger for quite some time, the onus is on businesses to either develop needed cybersecurity skills or look for outside help. Indeed, in many cases, outsourcing security may make the best sense.

Mind the Gap, Please

Indeed, more businesses than ever are turning to third party organizations that specialize in offering security services. In the latest AT&T Cybersecurity Insights report, results from an AT&T survey of U.S., APAC and EMEA organizations showed that about a quarter of the respondents use outside consultants to handle their information security.

The shortage of available talent only amplifies the appeal. Small and midsize businesses are less likely to be in a position to bid for the services of expensive cybersecurity specialists. What’s more, their resources are often stretched thin and they may lack the bandwidth to adequately perform security functions internally.

Even for larger enterprises, there are many instances where it makes sense to hand off certain specialized functions, such as penetration testing or threat intelligence. Going that route also helps free up existing security and IT staff to concentrate on other projects as they arise. Among the other benefits:

  • You get 24×7 support from a dedicated team of security specialists who can provide round-the-clock monitoring and management of intrusion detection systems and firewalls.
  • The organization has access to experts who are current with the latest security trends.
  • You no longer need to worry about patch management and software upgrades. Ditto when it comes to responsibility for making ongoing security assessments and security audits.

Figure out what you can take on yourself and what needs to get passed over to a third party. If your security infrastructure is in dire need of a reboot, the contractor should help with a needs analysis and then shape its services and monitoring capabilities to the organization’s needs. Any prospective provider should be expected to understand their customer’s business model.

And before signing anything, reduce the possibility of confusion down the road by figuring out how the outside security consultancy will integrate with your existing operations.