
Is Your IT Security Services Partner Prepared for 2025? 6 Additional Questions You Need to Ask

If you’re one of the many organisations looking to swap out their managed security and IT services provider, you’ve probably experienced one of the following:

  • Not happy with your incumbent provider
  • An internal resource has left the organisation and you don’t want to (or can’t) replace them
  • You’ve grown beyond the scale of your current services
  • Your clients and prospects require a higher level of compliance

In 2025, the significance of having a secure organisation has grown substantially. There is greater focus from boards, management and customers, and that has meant that organisations are demanding more from their IT and security services suppliers.

Of course, when evaluating a service provider, look for the essentials: 24x7 monitoring, time to detect, remediate and recover, and the range of services on offer. A provider’s capability can be ascertained from the certifications it holds, and customer testimonials give assurance that existing clients are happy. But there’s more to consider when engaging with the market.

This blog addresses the 6 additional questions I recommend you ask your potential provider, as 2025 presents new challenges.


1. How do you tune the level of service to meet the needs of my business?

I recommend looking for a services provider who has the ability to dial up the level of protection as your business grows, and as the business environment you operate in changes. This flexibility is crucial because the security landscape is constantly evolving, with new threats emerging and regulatory requirements becoming more stringent.

For instance, as you expand your operations, you may need enhanced network security, more robust authentication methods, or advanced threat detection capabilities. A flexible provider can seamlessly integrate these additional layers of protection without disrupting your existing operations.

Contract terms should offer flexible agreements that allow for adjustments in services without significant penalties. This can include options for scaling services, adding new features, or modifying support levels.


2. How often do you conduct service reviews?

There’s a saying that you shouldn't spend more on protecting your information than it's worth. The more your information is worth to you, the more budget you can potentially spend on it. But that doesn’t mean you should waste money.

It’s essential to hold a quarterly business review to discuss what's happening in your environment and to get recommendations for unifying the technologies you’re using and bringing them in line with best practice. The information provided should include how firewalls and email gateways have been patched or upgraded, which identities have been shut down, how open ports have been managed, and which anomalies have been addressed. The provider needs to be proactive in discovering dormant admin accounts and any shadow IT systems that could expose data. Ask your potential provider for a (de-identified) report to understand the breadth and depth of their service.
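One of the review items above, dormant admin accounts, is easy to check for yourself rather than take on trust. The script below is an added illustration, not code from the post or from any provider; it runs over a constructed directory export (the record layout, the 90-day idle threshold and the review date are all assumptions) and lists enabled privileged accounts that have never signed in or have been idle longer than the threshold. Disabled accounts and non-admins are skipped because they are not the exposure the review is looking for.

```python
"""Flag dormant privileged accounts from a directory export.

Added illustration. The record layout, the 90-day threshold and the
review date are assumptions for the example, not anything the post
or a particular provider prescribes.
"""
from datetime import datetime, timedelta, timezone

# Constructed sample export, standing in for what a provider might pull
# from AD, Entra ID or Okta before a quarterly review. Not real data.
SAMPLE_EXPORT = [
    {"user": "alice.admin",    "is_admin": True,  "enabled": True,  "last_login": "2025-05-30T08:12:00Z"},
    {"user": "svc_backup",     "is_admin": True,  "enabled": True,  "last_login": "2024-11-02T23:40:00Z"},
    {"user": "old.contractor", "is_admin": True,  "enabled": True,  "last_login": None},
    {"user": "bob",            "is_admin": False, "enabled": True,  "last_login": "2025-01-15T09:00:00Z"},
    {"user": "retired.admin",  "is_admin": True,  "enabled": False, "last_login": "2023-06-01T10:00:00Z"},
]

# Assumed date on which the review is run (UTC).
REVIEW_DATE = datetime(2025, 6, 1, tzinfo=timezone.utc)


def parse_ts(value):
    """Parse an ISO-8601 timestamp with a trailing 'Z'; None means no login recorded."""
    if value is None:
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def dormant_admins(records, as_of, max_idle_days=90):
    """Return (user, reason) pairs for enabled admin accounts that are dormant.

    An account is dormant if it has never signed in, or if its last sign-in
    is older than max_idle_days relative to as_of.
    """
    cutoff = as_of - timedelta(days=max_idle_days)
    findings = []
    for rec in records:
        # Only enabled privileged accounts are in scope for this check.
        if not rec["is_admin"] or not rec["enabled"]:
            continue
        last = parse_ts(rec["last_login"])
        if last is None:
            findings.append((rec["user"], "never logged in"))
        elif last < cutoff:
            findings.append((rec["user"], f"idle {(as_of - last).days} days"))
    return findings


def review_sample():
    """Run the check over the constructed export at the assumed review date."""
    return dormant_admins(SAMPLE_EXPORT, REVIEW_DATE)


if __name__ == "__main__":
    for user, reason in review_sample():
        print(f"DORMANT ADMIN: {user} ({reason})")
```

Running it against the sample flags `svc_backup` (a service account nobody has used for months, which is exactly the kind of account a review should question) and `old.contractor` (never signed in), while ignoring the active admin, the ordinary user and the already-disabled account.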


3. How do you link with services and systems beyond the scope of our engagement?

It’s essential to be able to make a single phone call or have one point of contact for the management of all key services. A direct link between the NOC and the SOC will reduce the time to contain and resolve any incident. Make sure you know how issues will be escalated and tracked.

The service provider should be connecting the dots. There is a lot of adjacent telemetry that contributes to a fully secured environment: backup and recovery systems, network connectivity, cloud service providers, and identity management systems, to name a few. Choose a provider that is willing to get familiar with the full extent of your IT environment.


4. Australia has complex rules and regulations concerning levels of security and breach notification. Is the provider familiar with these regulations, and does it have the experience needed to help my business?

Under the Notifiable Data Breaches (NDB) scheme, any organisation or agency the Privacy Act 1988 covers must notify affected individuals and the Office of the Australian Information Commissioner (OAIC) when a data breach is likely to result in serious harm to an individual whose personal information is involved.

Additionally, industry regulations may require you to do further assessment and rectification. Relevant bodies include the National Health Practitioner Ombudsman (NHPO) and the Australian Prudential Regulation Authority (APRA), and the Critical Infrastructure Act 2018 requires certain organisations to immediately send a notification to the Department of Home Affairs. If you hold an Australian Financial Services Licence from the Australian Securities & Investments Commission (ASIC), breaches may well be a reportable event. There are many others who may need to be notified, including the ATO and State or Territory Privacy and Information Commissioners. Does the provider have experience working with these bodies, and can it provide expert assistance in the event of a breach?

A breach will result in a detailed forensic investigation. To avoid a fine (which can potentially put your business in jeopardy), you may also need to provide a raft of information artefacts: evidence of mandatory training sessions, clearly defined procedures, evidence of identity management, and logs retained for more than 90 days, or 12 months in some cases. Ensure your IT provider has experience doing this and can produce the goods when needed.


5. Are you proactive in keeping my defences up to date?

A provider who switches on their service and leaves everything as status quo will miss evolving threats. Check how the provider ensures that all software and systems are regularly updated with the latest security patches to close any vulnerabilities that attackers could exploit. In addition, the ability to conduct regular vulnerability assessments will help identify and mitigate potential security weaknesses in your infrastructure. Do they have that capability?

The advantage of Australian service providers is that they will see indicators of behaviour and compromise in existing clients and can apply this threat intelligence to your environment before you experience an incident.

Look for a provider that stays updated with the latest technologies and can integrate new tools and solutions as they become available. This ensures your business benefits from the most advanced security measures.


6. How do you integrate AI into your service?

There are several key ways providers can integrate AI into their service. Ask your provider if they are leveraging AI in these areas:

  1. AI-Powered Threat Hunting – AI-driven behavioural analytics help MDR providers proactively identify anomalies and potential threats before they escalate.
  2. Automated Incident Detection & Response – AI enhances real-time monitoring, allowing MDR platforms to detect ransomware and other cyber threats instantly.
  3. Machine Learning for Adaptive Security – AI models continuously evolve, learning from past incidents to improve detection accuracy and reduce false positives.
  4. Dark Web & Threat Intelligence Analysis – AI scans vast amounts of data, including dark web forums, to identify emerging threats and vulnerabilities.
  5. Human-AI Collaboration – AI handles large-scale data processing, while human analysts validate risks and guide response strategies, ensuring a balanced approach.


Vectra's leading Managed XDR service powered by the DEVO platform

Vectra's XDR security service, powered by Devo, helps you:

  • Gain in-depth visibility, staffed by global experts 24x7 - to proactively improve your security posture
  • Detect and resolve sophisticated threats faster - using automation and AI to reduce security alert overload
  • Manage risk and comply with regulations
  • Experience predictable pricing - seamlessly integrating with your current environment

Read more about our XDR service here: https://www.vectra-corp.com/services/vectra-xdr/