The UK government has called out managed services providers (MSPs) as critical to the UK’s cyber defenses in its proposed Cyber Security and Resilience Bill.
A policy statement released on 1 April contains a section dedicated to the role and regulation of MSPs, stating that as they “play a critical role in the UK economy by offering core IT services to businesses” they’re a particularly attractive target for cyber criminals.
It lists two cases where this has already happened, the 2018 Cloud Hopper attack on MSPs and a 2024 attack on the personnel system of the Ministry of Defence (MoD). “These highlight the vulnerabilities of MSPs and by extension, the critical services they support,” the report says.
Therefore, the proposed Bill will bring an estimated 900-1100 MSPs into the scope of the rules laid out in the Network and Information Systems Regulation (NIS) 2018.
The government does acknowledge that MSPs will likely incur additional costs as a result of the regulation; it claims “these investments will position MSPs as trusted and reliable partners in the cyber security landscape”.
Commenting on the contents of the proposed Bill Colette Kitterhing, vice president of Netskope UK and Ireland, said bringing suppliers including MSPs into the scope of this regulation will "doubtless help the country to face down current and future threats through a general upleveling of the entire supply chain of public data”.
Supply chain attacks are a growing threat
Supply chain attacks have been a continuing threat to businesses since the late 2010s, and a common way cyber criminals gain access to organizations’ systems.
In March 2025, researchers at StepSecurity discovered a supply chain attack on GitHub Action put more than 20,000 organizations at risk. Meanwhile, research from SecurityScorecard found almost all of the companies in the UK’s FTSE 100 were exposed to supply chain breaches between March 2023 and March 2024.
When it comes to MSPs in particular, Kaseya’s 2025 State of the MSP Industry report found that 29% of companies in this sector were themselves targeted in a supply chain attack. Similarly, Acronis’ Cyberthreats Report, H2 2024 – published in February 2025 – showed that MSPs were increasingly targeted by malicious actors, including through phishing and supply chain attacks.
“The increase in the sophistication and number of attacks highlights the critical role MSPs play in protecting organizations by offering advanced security measures and incident response strategies,” said Acronis – something it seems the UK government is keenly aware of with this new cyber security legislation.
MORE FROM ITPRO
- MSP security confidence remains high despite facing a torrent of cyber threats
- Elevating compliance standards for MSPs in 2025
- UK Public sector at risk from supply chain attacks, new report warns
-
LaunchDarkly to "double down" on observability with Highlight acquisitionNews Highlight's observability tools will be integrated into LaunchDarkly's Guarded Releases software deployment service
-
Samsung Galaxy Tab S10 FE reviewReviews The Tab S10 FE retains the feel and core capabilities of Samsung's high-end S10 tablets, but compromises on the display and the performance
-
Bugcrowd’s new MSP program looks to transform pen testing for small businessesNews Cybersecurity provider Bugcrowd has launched a new service aimed at helping MSP’s drive pen testing capabilities - with a particular focus on small businesses.
-
The AI challenge for the channelIndustry Insights The democratization of AI has forced channel partners to evolve from security product resellers to strategic cyber resilience advisors
-
Elevating compliance standards for MSPs in 2025Industry Insights The security landscape is set to change significantly in the years to come with new regulations coming into effect next year, here's how the channel needs to adapt
-
Mimecast promises "unparalleled support" with new Partner ONE MSP programNews The revamped partner initiative combines API automation with ‘unparalleled support’
-
MSP security confidence remains high despite facing a torrent of cyber threatsNews A concerningly high number of MSPs have experienced a security breach in the last year, but confidence on their ability to respond still remains upbeat
-
The business value of Zscaler Data ProtectionWhitepaper Understand how this tool minimizes the risks related to data loss and other security events
-
SailPoint's new MSP program targets broader cyber offeringNews The new initiative will help partners deliver SailPoint Identity Security Cloud to their global customers
-
BCDR buyer's guide for MSPsWhitepaper How to choose a business continuity and disaster recovery solution
