How MSPs can capitalise on SMBs' security spending spree

Mockup image with padlocks to symbolise a cyber security vulnerability
(Image credit: Shutterstock)

Despite turbulent economic conditions bringing uncertainty to many corners of the business world, there is already a wealth of data that indicates small and medium-sized businesses (SMBs) are willing to spend big on security in 2023.

The figures are strong and tell an important story. Data taken from the Datto SMB Cybersecurity for MSPs Report, which considers the views of 2,913 IT decision-makers, shows that 42% of SMBs are prepared to increase their spending on security this year. Additionally, a further 40% plan to maintain their security spend, which typically comprises a large portion of any business’ annual IT budget. Nearly a third of businesses dedicate more than 20% to keeping attackers at bay.

Cyber attacks have, for some time, been widely considered the most significant threat to business continuity. They remain at record highs and for cyber criminals, no target is too small. What’s more, SMBs by their very nature are the most likely to lack the skills and experience needed to fend off and ultimately recover from a business-crippling attack.

MSPs have a huge role to play in securing the safety of SMBs around the world and with smaller organisations set to invest heavily into security this year, there is plenty of business out there ready to be snapped up.

The security needs of SMBs are myriad; MSPs are relied upon to provide best-in-class support when it comes to purchasing and implementing various technologies. These can include identity and access management (IAM), endpoint security, business continuity and disaster recovery (BCDR), phishing protection and more. The learnings on offer in the Datto SMB Cybersecurity for MSPs Report can help any MSP understand the current needs of potential clients and pitch their services in the most effective way possible.

The big MSP opportunity

Less than a third (31%) of SMBs report being entirely satisfied with the tools they rely on to protect against attacks. The latest figures show that SMBs are in need of confidence - confidence to navigate the web safely, and confidence that even if their staff fall for a particularly sophisticated phishing attack, no harm will come to that business’ clients.

Phishing attacks are the number one reason why SMBs have encountered security failings, according to the Datto SMB Cybersecurity for MSPs Report. More than a third (37%) said they fell for an attack that ultimately led to wider issues and 72% expect to fall prey to an attack in the next year. Malicious websites, problems with weak passwords, and cyber security training formed some of the other top issues affecting SMBs today.

With all of these threat vectors impacting businesses regularly, it means there are now plenty of opportunities to demonstrate to customers the necessity of having cyber security solutions that work. MSPs need to be able to guide customers along their journey, plug their security gaps, and show them the solutions that can be relied upon when the worst-case scenario eventually strikes.

Network and security

(Image credit: Shutterstock)

However, SMBs need more than products and solutions to their problems. They need a partner they can trust, one that can deliver a truly reliable service as well as training that delivers value. For example, Datto’s data shows that SMBs are fully aware that cyber security is a numbers game and that attackers will eventually succeed in breaching their systems. They need an MSP that can ensure the impact is minimal and their disaster recovery (DR) plan is robust.

Auditing a potential customer’s DR plan provides an opportunity for an MSP to demonstrate its expertise, identifying weak points that can be addressed. Nothing shows customers their MSP understands their business’ security posture more than one that can fix issues that haven’t yet been exploited. Luckily, SMBs usually have such a plan in place, but those that don’t will need support throughout the entire journey, as well as product recommendations too. Plus, given the average cost of downtime now being set at $126,000 per incident, SMBs must understand they can’t afford to skimp where it matters.

Only half of SMBs have the resources to manage their day-to-day security needs entirely in-house, according to the latest figures. Businesses that don’t have the capacity to recruit experienced security staff need a knowledgeable MSP with up-to-date expertise on the latest threats - powered by best-in-class tools - by their side.

Reasons to be fearful

It’s no secret that the cyber security landscape becomes more perilous every year. Cyber criminals perpetually lead the cat-and-mouse game by continuing to evolve tactics when defenders become wise to their act. The evolution takes a different form with each passing month, and the latest trend to be conscious of is attacks on cloud environments. Research from Netskope recently revealed that cloud-delivered malware attacks tripled over the course of 2022, so SMBs are increasingly looking to take their security skywards.

According to the Datto SMB Cybersecurity for MSPs Report, a significant chunk of SMBs are planning to make serious investments in the cloud over the next 12 months. Here lies a huge opportunity for MSPs to flaunt their expertise and to recommend tailored solutions their customers can trust to keep them protected. Almost half of SMBs are either considering new network security solutions (47%) or cloud security tools (45%) as ways to shore up their organisations’ defences. More than a quarter are also weighing up cloud purchases around email and endpoint security, plus BCDR too.

With so many choices between the numerous vendors all claiming to offer the best protection, SMBs - now more than ever - need a reliable partner to help them decide what tools are going to be right for their organisation.

Mockup of a hook fishing an email icon out of the ocean

(Image credit: Getty Images)

Indeed, the threat landscape looks markedly different than what it did two, three - even just one year ago. Phishing is still the go-to tool in a hacker’s bag of tricks, but ransomware is also evolving and ever-present. Various groups often target indiscriminately - it’s not just the biggest fish that get hooked anymore. Children’s hospitals, schools, and charities are all, unfortunately, fair game to the lowest criminals out there. Hackers don’t care about who gets hit, just whether they can pay.

Having effective tools in place that allow organisations to restore their data from backups is the key to surviving a ransomware attack in 2023. Datto’s figures show that 60% of IT decision-makers expect to succumb to ransomware in the next 12 months and most (70%) said the impact will either be ‘significant’ or ‘severe’.

Simply put, having trustworthy cyber security defences, implemented and managed by genuine experts, is imperative for SMBs in 2023 if they want to continue to thrive. The shortage of in-house expertise often leads to businesses looking for outside help and MSPs, armed with the right tools and service quality, can be the guiding light that helps their customers stay competitive and grow. Even through economic uncertainty.


ITPro is a global business technology website providing the latest news, analysis, and business insight for IT decision-makers. Whether it's cyber security, cloud computing, IT infrastructure, or business strategy, we aim to equip leaders with the data they need to make informed IT investments.

For regular updates delivered to your inbox and social feeds, be sure to sign up to our daily newsletter and follow on us LinkedIn and Twitter.