Managed service providers (MSPs) are increasingly expected to both manage and protect customers’ IT infrastructure, according to the latest data from SMB security solutions provider CyberSmart.
Conducted by OnePoll in spring 2024, the survey quizzed 250 senior leaders at UK-based MSPs and found that almost two thirds (65%) of customers expected their provider to either manage their cybersecurity infrastructure – or manage both their cybersecurity and IT infrastructure.
This shift towards offering security as a service has been noted by MSPs in their business and RFP meetings, CyberSmart revealed, with 73% of participants indicating ‘somewhat more’ interest from customers, while 22% said there was ‘much more’.
CyberSmart said this change in expectation among MSP customers can be linked to the security capabilities they possess within their own organizations.
The survey revealed that more than one-third (37%) of respondents said just 20% or less of their customers have an in-house specific cybersecurity role – meaning MSPs are called upon to bridge the gap.
The trend is also becoming apparent within the strategic and structural changes currently being implemented by MSPs. According to the data, 33% have increased their associated budget for their security capabilities, while 28% have upped their budget for regulatory capabilities.
In terms of recruitment, 28% of MSP leaders revealed they have made specialist cybersecurity hires, while 14% have taken on specialist regulatory-focused staff.
Commenting on the findings, Jamie Akhtar, co-founder and CEO at CyberSmart, said the shift in customer expectation and requirements “reflects a sea-change” in how MSPs must now operate.
“Managed Service Providers are a lifeline for many SMEs and the underappreciated backbone of much of our economy’s IT infrastructure,” he explained.
“As IT and cybersecurity threats become increasingly intertwined, it makes sense that managed service providers would begin to offer more security services.”
However, Akhtar cautioned that MSPs are also vulnerable to cyber attacks themselves and must be suitably prepared when adapting their offerings to prevent knock-on effects across their customer base.
According to the report, 87% of surveyed MSPs reported at least one data breach in the past twelve months – with many experiencing more than one.
“It’s important that they - and the wider security industry - do all that they can to empower MSPs to provide the security services they are now expected to with absolute confidence,” Akhtar said.
In terms of threats to their business, MSPs highlighted ransomware or malware infection (57%) as the number one issue, followed by inflation and spiraling costs (43%), and exploitation of unpatched or undisclosed vulnerabilities (41%).
Despite this, most MSPs said they possess confidence in their cyber literacy and confidence, with more than half (51%) stating they had a ‘fair’ amount of confidence, while 46% said they had a ‘great deal’ of confidence.
