Securing the supply chain: Why zero trust and recovery readiness are non-negotiable

A stereotypical view of cybersecurity extends the physical security metaphor, with servers bolted down with chains and only the most privileged employees allowed anywhere near them. However, thorough cybersecurity now has to encompass entire supply chains, where weak links across suppliers, channel partners, and Managed Service Providers (MSPs) cause exploitable vulnerabilities of monumental proportions.

What’s often misunderstood is that many channel partners and MSPs sit directly in the middle of the modern supply chain. They frequently hold elevated access into multiple customer environments, operate critical components of those environments, and act as extensions of internal IT teams. This makes them unusual actors in the security ecosystem: they are simultaneously prime targets for attackers and frontline defenders for the organizations they support.

The cyber attacks that plagued numerous UK companies in 2025, including The Co-op, Harrods, M&S, and Jaguar Land Rover, forced many organizations to re-examine their security posture as perimeters are redrawn far more broadly. The M&S incident, which rendered online systems inoperable for weeks and led to a £300 million profitability hit, originated via a third-party supplier. And most recently, Salesforce confirmed it has faced two third-party incidents in one year, via its SaaS partner Gainsight.

Research we conducted before these high-profile incidents indicated that 42% of organizations had concerns about vendors triggering major cyber incidents. Given the recent supply chain breaches we have seen, we suspect that this figure is now underrepresentative. Even organizations that have zero-trust architecture and state-of-the-art disaster recovery plans are still vulnerable to human weaknesses across their whole extended supply chain.

These examples, among many others, highlight how much more complex the challenge is now: what happens when the breach originates with a partner who has deep, sometimes privileged access into your environment?

Channel partners and MSPs are part of the infrastructure

For many organizations, channel partners and MSPs are core building blocks of the operational estate. They manage cloud platforms, identity systems, monitoring tools, development pipelines, endpoint fleets, and security controls. In other words, they are part of the infrastructure.

This interconnectedness means that if an MSP is compromised, attackers may gain horizontal access to the environments of multiple customers at once. The Kaseya attack in 2021 demonstrated this at a global scale, but 2025 has shown it’s now a mainstream, recurring risk.

As a result, organizations must shift their mindset from “suppliers supporting the business” to “suppliers embedded inside the business architecture.” Visibility, governance, and shared security controls across MSP-managed systems are no longer optional but essential for maximum protection.

Protecting the human layer

Recent breaches have been attributed to human vulnerabilities in organizations that supply products and services to others. The M&S incident appears to have been born out of a social engineering tactic, giving an entry point into the organization that bypassed regular technical defences. These attacks succeed not through sophisticated technical exploitation but by manipulating individuals who already have legitimate access to systems.

Artificial intelligence (AI) has amplified these risks by scaling up more sophisticated social engineering attacks. AI-powered tools enable attackers to create more convincing phishing emails, generate realistic deepfake communications, and personalise attacks based on information gathered from social media and other public sources. AI has effectively lowered the barrier to entry for cybercriminals and also increased the potential impact of their activities.

While many organizations have invested heavily in internal cyber-awareness programmes, the new reality is that every supplier and MSP with environment access must be held to the same behavioural and security standards. Regular compliance checks, audits, and zero-trust approaches must be extended to the partner ecosystem. Without continuous validation, the most secure organization may still be exposed through a partner’s weakest link.

The importance of resilience and recovery

After the security challenges of 2025, it's naive for anyone to believe that a complete modern security posture will prevent every breach. Beyond prevention, organizations must be able to detect, respond to, and recover from threats, including those triggered within their partner ecosystem.

This is where visibility becomes critical. Organizations need centralized oversight of MSP-managed systems, identity access, configuration drift, and partner-initiated changes. Hidden dependencies, particularly those controlled by partners, can dramatically extend downtime if they aren’t identified and tested in advance.

Our research showed big gaps in how prepared organizations are to recover, with 84% of them lacking a decent incident response plan, and only 16% finding their plans effective if they had them. This means that most organizations need to find the time and effort to actually test their plans before they're really needed.

Organizations need to define Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs) for critical systems, and to keep their eyes open for systems that might be hidden dependencies, including those run by third parties or their staff. These need to be tested regularly through drills, which help identify dependencies and other challenges that may not be apparent when things are running normally.

Critical systems also require offline, immutable backups that cannot be compromised during an attack. Too often, organizations discover after an attack that backups managed or maintained by partners were incomplete, inaccessible, or misconfigured.

Conclusion

The events of 2025 show that cyber attacks are increasingly sophisticated and now exploit not only technical vulnerabilities inside an organization but also those embedded throughout its supply chain. MSPs and channel partners, sitting at the centre of this ecosystem, have become both high-value targets and vital protectors.

Effective cybersecurity now requires that these organizations and their partners give equal attention to prevention and recovery capabilities, with the time taken to get back online being of similar importance to the essential preventive measures.

Those that fully understand and lock down their supply chain from a security perspective, implement strict access controls with zero-trust architecture, and have properly tested recovery plans will have the best chance of surviving the next wave of threats to cybersecurity.

Matt Saunders
Vice president, DevOps, Adaptavist

Matt Saunders is an experienced technical operations leader and DevOps architect with a career spanning complex global enterprises, high-growth start-ups, and everything in between. He specializes in helping organizations accelerate the delivery of high-quality software by implementing pragmatic DevOps practices, modern tooling, and collaborative ways of working.

With a background that covers web hosting, financial services, enterprise technology, ISP and networking environments, Matt brings a comprehensive understanding of Internet technologies and large-scale operations. He is known for his ability to translate seamlessly between technical and non-technical teams, ensuring that engineering efforts remain aligned with business goals and deliver measurable value.