MSPs grow wary over supply chain security threats

Cybersecurity concept image symbolizing third-party data breaches with give padlock symbols and one pictured in red, signifying a security breach. — (Image credit: Getty Images)

Supply chain cyber risk is now a top concern for managed service providers (MSPs) and their customers, according to new research from CyberSmart.

The cyber risk management provider’s 2026 MSP Survey found that 43% of MSPs and their customers experienced a cyber incident caused by or originating from a supplier or third-party vendor during the last 12 months.

Conducted by OnePoll, the research gathered responses from 350 MSP leaders across the UK and Ireland spanning a range of industries and customer sizes.

The results suggest that MSPs are becoming increasingly exposed to supply chain risk due to their privileged access to customer environments – making them attractive targets for cyber criminals seeking to use them as a gateway to potentially hundreds of organizations.

Latest Videos From

Watch full video here:

Among the respondents that experienced a supply chain incident, 39% said the breach affected only the customer, while 16% said it only affected the MSP. Meanwhile, 39% said both were impacted.

According to CyberSmart, this means over half (55%) of incidents involved the MSP in some capacity.

Despite this figure, the research found that 55% of MSPs still do not monitor for supply chain risk – while over a third (37%) only assess risk quarterly and 11% do so annually.

In terms of challenges, MSPs cited managing and enforcing security requirements in contracts (39%), third-party risk assessment and monitoring (37%), and the cost of securing and monitoring supply chains (36%) as the biggest hurdles.

“Supply chain risk has become a central concern for MSPs and SMEs as cybercriminals increasingly target interconnected business ecosystems,” commented CyberSmart CEO and co-founder Jamie Akhtar.

“MSPs sit at the centre of these environments, which means a single weak link can have far-reaching consequences for customers, suppliers and partners.”

Growing regulatory pressure

Elsewhere, the report also explored MSP preparedness ahead of the UK’s Cyber Security and Resilience Bill (CSRB), which was introduced back in November 2025 and brings providers into the scope of formal regulation for the first time.

The CSRB includes mandatory security requirements, stricter incident reporting, and greater accountability as MSPs become increasingly critical components of national cyber resilience.

According to the findings, 96% of respondents said they felt prepared for the legislation to a certain extent, while 45% described themselves as fully prepared.

Addressing key CSRB concerns

However, MSPs pointed to operational and organizational concerns rather than technology and software limitations as the biggest barrier to readiness.

Instead, they cited skills (41%), clearer customer expectations (41%), stronger support for managing third-party risk (41%), as well as better-defined roles and liability (39%) as key requirements going forward.

Increased liability and legal exposure emerged as the biggest concern linked to the new legislation, noted by 42% of the survey’s participants, with MSP leaders expressing concern over undefined accountability and how risk will be operationalized in practice.

Improving accountability and resilience

Despite these concerns, 77% said they believe CSRB goes far enough in helping to protect supply chain organizations – including MSPs themselves – from cyber risk.

When it comes to what can be done to improve protection for MSPs, participants highlighted clearer guidance and best practice standards (54%), stronger protections around shared liability (52%), and clearer regulatory frameworks specifically for MSPs (51%) as the top three potential improvements.

“What our research shows is that the industry understands the need for greater accountability and resilience, but MSPs also need clearer guidance, shared responsibility and continuous risk visibility to make that possible in practice,” Akhtar added.

Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.

You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.

TOPICS

Dan is a freelance writer and regular contributor to ChannelPro, covering the latest news stories across the IT, technology, and channel landscapes. Topics regularly cover cloud technologies, cyber security, software and operating system guides, and the latest mergers and acquisitions.

A journalism graduate from Leeds Beckett University, he combines a passion for the written word with a keen interest in the latest technology and its influence in an increasingly connected world.

He started writing for ChannelPro back in 2016, focusing on a mixture of news and technology guides, before becoming a regular contributor to ITPro. Elsewhere, he has previously written news and features across a range of other topics, including sport, music, and general news.