Pressure mounts on MSPs as enterprises flock to managed cybersecurity services

Cybersecurity concept image symbolizing third-party data breaches with give padlock symbols and one pictured in red, signifying a security breach.

(Image credit: Getty Images)

Organizations are relying more than ever on managed service providers (MSPs) for security as cyber risks skyrocket, and many are feeling the pressure.

More than half (58%) of MSP leaders believe customers are at more risk today than this time last year, and 84% said that customers now expect them to manage either their cybersecurity infrastructure or their cybersecurity and IT estate combined.

This marks a significant increase from last year, when the figure stood at just 65%.

More than three-quarters (77%) of MSP leaders told CyberSmart researchers that they're experiencing increased scrutiny of their own businesses’ security capabilities over the past 12 months - meaning that MSPs need to choose their cybersecurity partners carefully.

“In light of the recent uptick of cyber incidents targeting MSPs, it is unsurprising that customers are scrutinizing MSPs more,” said Jamie Akhtar, CEO and Co-Founder of CyberSmart.

“This means that it’s critical for MSPs to work with cybersecurity partners that are able to provide a high level of confidence and security for both their own and their customers’ cybersecurity to align with increasingly stringent expectations and rising threats.”

Just over eight-in-ten MSPs have increased their spending on specialist cybersecurity hires, researchers found, while 78% have upped spending on their security capabilities.

Similarly, six-in-ten have invested in specialist regulatory hires while 64% have increased spending on regulatory compliance capabilities.

AI tops the list of worries for MSPs

The biggest security worry is AI, CyberSmart found, which is now the main headache for 38% of MSPs. Ransomware or malware topped the list for the same number.

Meanwhile, 35% were most concerned about insider threats and 32% flagged concerns over unpatched vulnerabilities.

This is a big change from last year, when malware and ransomware were the top worry for 55%, and inflation and spiraling costs for 43%.

However, the study also indicated that MSP customers may be underestimating the threat of supply chain attacks, which are now viewed as a significant risk by just one-in-five.

Over the last year, there have been a number of high-profile breaches of MSPs, including the Advanced Computer Software Group, fined £3 million by the UK's Information Commissioner's Office (ICO) over security failings that led to a ransomware attack on the NHS.

More recently, the DragonForce ransomware gang breached an MSP’s remote monitoring and management (RMM) tool in order to carry out a supply chain attack.

Of the 900 MSP leaders surveyed by CyberSmart, 69% reported being breached at least twice in the last 12 months - slightly up on last year - while 47% said they'd had three or more breaches in the last year.

"As trusted partners to millions of businesses across the globe, MSPs typically have access to clients’ infrastructure and inner workings," the researchers warned. "This renders them a highly lucrative target, whether for their own data or their clients."

MORE FROM CHANNELPRO

TOPICS

Emma Woollacott is a freelance journalist writing for publications including the BBC, Private Eye, Forbes, Raconteur and specialist technology titles.