The UK government has called out managed services providers (MSPs) as critical to the UK’s cyber defenses in its proposed Cyber Security and Resilience Bill.
A policy statement released on 1 April contains a section dedicated to the role and regulation of MSPs, stating that as they “play a critical role in the UK economy by offering core IT services to businesses” they’re a particularly attractive target for cyber criminals.
It lists two cases where this has already happened, the 2018 Cloud Hopper attack on MSPs and a 2024 attack on the personnel system of the Ministry of Defence (MoD). “These highlight the vulnerabilities of MSPs and by extension, the critical services they support,” the report says.
Therefore, the proposed Bill will bring an estimated 900-1100 MSPs into the scope of the rules laid out in the Network and Information Systems Regulation (NIS) 2018.
The government does acknowledge that MSPs will likely incur additional costs as a result of the regulation; it claims “these investments will position MSPs as trusted and reliable partners in the cyber security landscape”.
Commenting on the contents of the proposed Bill Colette Kitterhing, vice president of Netskope UK and Ireland, said bringing suppliers including MSPs into the scope of this regulation will "doubtless help the country to face down current and future threats through a general upleveling of the entire supply chain of public data”.
Supply chain attacks are a growing threat
Supply chain attacks have been a continuing threat to businesses since the late 2010s, and a common way cyber criminals gain access to organizations’ systems.
In March 2025, researchers at StepSecurity discovered a supply chain attack on GitHub Action put more than 20,000 organizations at risk. Meanwhile, research from SecurityScorecard found almost all of the companies in the UK’s FTSE 100 were exposed to supply chain breaches between March 2023 and March 2024.
When it comes to MSPs in particular, Kaseya’s 2025 State of the MSP Industry report found that 29% of companies in this sector were themselves targeted in a supply chain attack. Similarly, Acronis’ Cyberthreats Report, H2 2024 – published in February 2025 – showed that MSPs were increasingly targeted by malicious actors, including through phishing and supply chain attacks.
“The increase in the sophistication and number of attacks highlights the critical role MSPs play in protecting organizations by offering advanced security measures and incident response strategies,” said Acronis – something it seems the UK government is keenly aware of with this new cyber security legislation.
MORE FROM ITPRO
- MSP security confidence remains high despite facing a torrent of cyber threats
- Elevating compliance standards for MSPs in 2025
- UK Public sector at risk from supply chain attacks, new report warns
-
RSAC Conference 2025: The front line of cyber innovationITPro Podcast Ransomware, quantum computing, and an unsurprising focus on AI were highlights of this year's event
-
Anthropic CEO Dario Amodei thinks we're burying our heads in the sand on AI job lossesNews With AI set to hit entry-level jobs especially, some industry execs say clear warning signs are being ignored
-
Redstor and TitanHQ merge to create ‘MSP-first’ security providerNews The new business Redstor’s and TitanHQ’s solutions to create a unified and integrated MSP security platform
-
GoTo and Acronis partnership looks to bolster endpoint management for MSPsNews The new strategic partnership includes the launch of the LogMeIn Data Protection Suite powered by Acronis
-
SonicWall CEO Bob VanKirk hails ‘pivotal moment’ as firm unveils new MSP cyber solutionsNews The company is expanding its MSP solutions range and ramping up its focus on platform-based security
-
Bugcrowd’s new MSP program looks to transform pen testing for small businessesNews Cybersecurity provider Bugcrowd has launched a new service aimed at helping MSP’s drive pen testing capabilities - with a particular focus on small businesses.
-
The AI challenge for the channelIndustry Insights The democratization of AI has forced channel partners to evolve from security product resellers to strategic cyber resilience advisors
-
Elevating compliance standards for MSPs in 2025Industry Insights The security landscape is set to change significantly in the years to come with new regulations coming into effect next year, here's how the channel needs to adapt
-
Mimecast promises "unparalleled support" with new Partner ONE MSP programNews The revamped partner initiative combines API automation with ‘unparalleled support’
-
MSP security confidence remains high despite facing a torrent of cyber threatsNews A concerningly high number of MSPs have experienced a security breach in the last year, but confidence on their ability to respond still remains upbeat
