How cyber managed services can reduce complexity while driving value

As cyber environments grow complex, organizations prioritize vendor consolidation and managed services to regain control and deliver value.

In brief

• Fragmented cybersecurity environments with multiple vendors reduce visibility, increase cost and make it harder for CISOs to demonstrate value clearly.
• Vendor consolidation simplifies structures, but real impact comes from integrated delivery models that improve coordination, utilization and response speed.
• Managed services support scalable delivery and continuous improvement, helping organizations move from cost control to value-driven cybersecurity.

Cybersecurity has become one of the most heavily invested functions in organizations, with budgets continuing to rise. Among enterprises with more than US$1b in revenue, 72% now spend over US$10m annually on cybersecurity, and more than a quarter exceed US$100m, according to EY research.

And yet, for many leaders, it has become harder, not easier, to stay in control.

If you are a CISO today, this likely feels familiar: more tools, more vendors and more capabilities but also more complexity, more spend and greater scrutiny. In many cases, the challenge is the inability to see value clearly through increasingly fragmented systems and delivery models.

Most cybersecurity environments were not designed as integrated systems but have evolved over time, as vendors were added for specific strengths, tools introduced to address emerging risks and capabilities expanded in response to changing requirements. Each of these decisions made sense in isolation, but together they create a very different reality.

Complexity builds across processes, until what was meant to strengthen security begins to slow it down. This is where many organizations now find themselves.

Why fragmented environments are harder to control

Fragmentation in cybersecurity doesn’t usually happen all at once. It builds over time through handoffs between teams and misalignment across tools and providers. Organizations today use an average of 47 cybersecurity tools, according to EY research, often with overlapping functionality and limited integration, which makes coordination harder than it needs to be. For many CISOs, the challenge lies with getting those capabilities to work together effectively.

Bar chart showing the distribution of the number of cybersecurity tools used by organizations

That complexity shows up most clearly in day-to-day operations. Even routine incidents may pass through multiple systems or teams before resolution, with each handoff introducing delay and dependency. The impact is also structural. When multiple providers are involved, their base costs are effectively repeated, creating duplication that is not always visible at the outset.

A similar pattern exists in tooling. Different vendors often recommend or deploy different platforms based on their own ecosystems, leading to environments where several tools perform similar functions but are used only partially (tool sprawl). Over time, this results in a cyber stack that is both more expensive and harder to enhance.

At the same time, governance becomes more complex. Multiple vendors bring their own SLAs and operating models, which can make end-to-end accountability difficult to establish. What initially improves flexibility and access to experience can gradually introduce friction across the entire delivery chain.

External pressures are making this harder to sustain. Cybersecurity budgets continue to grow, but expectations are shifting. Boards and CFOs are asking more direct questions about efficiency and measurable outcomes. Geopolitical developments are influencing decisions around data sovereignty and service delivery. Regulatory requirements such as NIS2 and the Cyber Resilience Act are accelerating this shift, requiring organizations to assess compliance and sustain it through ongoing operational capabilities.

Talent constraints add another layer. In high-cost markets such as the Nordics, retaining cybersecurity experience remains difficult, while rapid advances in areas like AI are accelerating both threats and skill requirements.

For CISOs, this creates a fundamental tension. How do you continue to strengthen security while managing cost and keeping pace with change?

This pivotal question is now pushing organizations to rethink how cybersecurity is delivered.

In practice, most organizations are not moving to a single-provider model. Instead, they are adopting more deliberate structures - often separating core IT delivery from independent security oversight, while reducing the overall number of vendors involved.

Many are also moving toward co-sourced models, where strategic direction and governance are retained internally, and external partners support delivery at scale. While this can resemble traditional outsourcing structures, it often represents an intermediate step w- helping organizations simplify delivery without fundamentally changing how cybersecurity capabilities are operated or scaled.

What changes, ultimately, is not just the number of vendors or tools, but how the entire system behaves - how quickly it responds and how effectively it can deliver outcomes that matter to the business.

How managed services support scalable, value-driven cyber delivery

Simplifying the vendor landscape is only part of the solution. The more meaningful shift happens in how cybersecurity is delivered once that complexity is reduced.

Traditional models rely on dedicated teams aligned to individual services, which means that as requirements grow, teams grow with them. Over time, this creates a linear cost structure that becomes difficult to sustain, particularly in environments where demand continues to increase but budgets remain under scrutiny.

Managed services introduce a different model. Instead of building and maintaining dedicated teams for each function, organizations move toward shared delivery structures where capabilities are distributed across multiple environments. This allows resources to be used more efficiently, supports continuous coverage and reduces the dependency on fixed team sizes.

In practical terms, it also changes how organizations scale. Rather than hiring additional specialists every time new requirements emerge, they can access capabilities as needed, which is particularly relevant in markets where talent is scarce and expensive.

This is what allows cybersecurity to move beyond its traditional role as a control function. This shift reflects a broader change in the operating model: from delivering isolated services to running cybersecurity as a continuous, outcome-led capability.

As delivery becomes more integrated and efficient, it becomes easier to connect effort to outcomes. This drives improvements in reliability, quality and response times while linking cybersecurity more directly to transformation initiatives, operational resilience and business growth.

How effectively is your managed services model driving value?

Research shows that cybersecurity contributes 11% to 20% of the value of enterprise initiatives, according to the EY 2025 Global Cybersecurity Leadership Insights Study, yet 58% of organizations still struggle to articulate that value beyond risk mitigation.

Managed services play a central role in supporting this shift, by improving how capabilities are delivered, integrated and continuously enhanced. In practice, this translates into more reliable operations that help organizations improve resilience and support more consistent business performance.

In practice, this is where many organizations are now focusing — moving beyond simplifying vendors to reshaping how cybersecurity operates end to end, and how it delivers value over time.

EY teams support organizations across this transition by combining managed services with deep industry insight, regulatory experience and consulting-led transformation. By integrating consulting and delivery, EY teams help organizations move from identifying cybersecurity gaps to continuously addressing them through managed services, so that improvements are sustained over time.

This approach is further strengthened through ecosystem orchestration and a transparent delivery model. This brings together technology, talent and innovation while maintaining visibility and control for the organization.

What comes next for cybersecurity leaders

As organizations rethink cybersecurity delivery, the priority is no longer just reducing complexity or cost but helping ensure that their cybersecurity model is delivering measurable impact:

• Simplify where it matters: Reduce fragmentation across vendors, tools and processes to improve visibility and control.
• Shift from effort to outcomes: Focus less on how much is being done, and more on what cybersecurity is actually delivering.
• Use managed services to scale effectively: Move toward shared, outcome-led delivery models that provide access to skills, continuous improvement and the flexibility to adapt as demand evolves. 

For many organizations, the next phase will be defined not by how much they invest in cybersecurity, but by how effectively they combine simplification with scalable delivery and how clearly they can demonstrate the value that cybersecurity creates for the business.