MSPs are struggling with cyber security skills shortages

Cyber security concept image showing a digitized padlock sitting on a blue colored circuit board.
(Image credit: Getty Images)

Managed service providers (MSPs) are struggling to contend with rampant cyber security skills shortages, according to a new study by IT security firm Sophos. 

Human staff, Sophos said, “remain central” to effective cyber security, with skilled professionals necessary to “configure, deploy, manage, respond to, and update technology solutions”.

The long-standing cyber security skills shortage is hampering MSPs' ability to effectively perform their role supporting clients, the study noted.

“The shortage of skilled professionals is well-known, and organizations are increasingly turning to MSPs to fill the gaps, exacerbating the challenge,” the report stated. “Technology alone cannot automatically stop every cyber threat”.

Reflecting this problematic shortage of in-house cyber security skills, the report stated that 66% of MSPs use a third-party vendor to deliver managed detection and response (MDR) services.

On top of that, a further 15% deliver MDR services as a joint effort, through a combination of their own security operations center (SOC) and a third-party vendor.

MSPs indicated that hiring new cyber security analysts to keep pace with customer growth and the latest cyber threats was a considerable challenge. The survey revealed that 34% of MSPs that provide an MDR service have an in-house SOC which, in turn, necessitates in-house specialist analysts.

The pace of technology is an issue for MSPs

Keeping pace with the latest cyber security solutions and technologies was also a key issue, cited as the single biggest challenge facing MSPs by 39% of respondents involved in the survey. 

“Given the speed of innovation in this space, it is unsurprising that many MSPs are struggling to keep up. As threats evolve, so do the cyber controls that stop them,” the report stated.

There are difficulties in the provision of cyber security vendors as well, as the study revealed that over half (53%) of MSPs work with just one or two cyber security vendors, while 83% use between one and five.

According to Sophos, MSPs estimate a reduction of 48% in their day-to-day management time where they are able to manage all their cyber security tools from a single platform.


Other challenges facing MSPs included providing out-of-house coverage, such as on the weekends or during holidays, and winning over new customers.

“The speed of innovation across the cybersecurity battleground means it’s harder than ever for MSPs to keep up with threats and the cyber controls designed to stop them,” Scott Barlow, vice president of MSP at Sophos, said.

“When you couple this with a global skills shortage, which has made it infinitely more difficult for many MSPs to attract and retain cybersecurity analyst resources, it's unsurprising that MSPs feel unable to keep pace with the changing threat landscape,” he added.

George Fitzmaurice
Staff Writer

George Fitzmaurice is a staff writer at ITPro, ChannelPro, and CloudPro, with a particular interest in AI regulation, data legislation, and market development. After graduating from the University of Oxford with a degree in English Language and Literature, he undertook an internship at the New Statesman before starting at ITPro. Outside of the office, George is both an aspiring musician and an avid reader.