Worawut - stock.adobe.com
CyberSmart: MSPs now expected to provide security
Customers are increasingly looking to their service provider to cover all bases, including data protection
The lines between managed service providers (MSPs) and managed security specialists are blurring, with customers expecting their partners to protect their data as well as manage infrastructure.
The pressure on MSPs of all kinds to provide security continues to increase, with research from CyberSmart underlining the shift in customer expectations.
Managed security service providers (MSSPs) are in a position to provide deep expertise around building defences and managing them, but even the average service provider needs to have the ability to protect data.
The CyberSmart findings revealed that 65% of MSP customers now expect their provider to manage either their cyber security infrastructure or both their cyber security and IT infrastructure.
“This change in customer expectation and need reflects a sea change in how managed service providers need to operate,” said Jamie Akhtar, co-founder and CEO of CyberSmart.
“Managed service providers are a lifeline for many SMEs [small and medium-sized enterprises], and the under-appreciated backbone of much of our economy’s IT infrastructure as such.
“As IT and cyber security threats become increasingly intertwined, it makes sense that managed service providers would begin to offer more security services.”
MSPs breached
That pressure to add more security services into the mix comes at a time when MSPs are themselves targets of cyber criminals. Research shared by CyberSmart earlier this summer indicated that 87% of MSPs had experienced a breach in the past year, with a number being hit multiple times.
“MSPs themselves are vulnerable to cyber attacks,” said Akhtar. “It’s important that they – and the wider security industry – do all they can to empower MSPs to provide the security services they are now expected to with absolute confidence.”
The CyberSmart research indicated that the majority of MSPs were the IT lifeline for their customers. More than a third of those quizzed indicated that only around 20% of their SME base had a specific security role assigned in-house.
The positives were that there seemed to be an awareness across the MSP respondents of that situation, with a third indicating they would be increasing the budget to bolster their security capabilities and similar numbers planning to improve their regulatory expertise.
Some MSPs have already hired security and regulatory experts to add extra depth to the options they can provide to users.
CyberSmart has been increasing the support it can provide MSPs, and Akhtar spoke to MicroScope last September about the need to help the channel cover the demands of SME customers that often didn’t have any policies or risk assessments to follow.
He warned last autumn that the attitude from smaller customers was changing towards MSPs, expecting them to provide more security. “More people are opting into an MSP,” said Akhtar. “But this gets really interesting where what people expected from MSPs changed. It started up being about delivering managed IT services, and over the past five years, the perception of SMBs and customers shifted towards, ‘If you supply my IT, then you should secure my IT, and if it gets hacked or if it breaks, that’s down to you’.”