peshkova - stock.adobe.com
Vendor cyber skills gap threatens to underline MDR
Managed service providers require high levels of support, but a gap remains, and is threatening to reduce the ability to deliver some cyber solutions
Vendors must address the cyber skills gap if their managed security services are going to succeed.
The call for action was sounded at the Canalys Channel Forum, with the lack of expertise around services such as managed detection and response (MDR) holding back a growing managed service provider (MSP) market.
Canalys is forecasting overall growth of managed services in the channel over the next four years at an annual compound growth rate of 12% year-on-year. MSPs across EMEA generated around $137bn last year, and the expectation is that will reach $240bn by 2028.
A decent chunk of the growth is coming from managed security services, which is tapping into a continued area of customer concern.
The fly in the soup comes from the skills issues around security, with many MSPs unable to deliver the technical expertise needed for a managed MDR solution.
“There is a major issue in terms of how partners access cyber security services from vendors,” said Robin Ody, principal analyst at Canalys.
“That’s probably the biggest problem that we’re seeing in terms of the growth of managed detection response, which is essentially primarily based on the partner being able to leverage actual skills services from the vendors, and in some cases, resell those services to their customers,” he said.
Access to expertise
He added that those SME partners were looking for vendors to plug that gap and provide access to expertise. The portion of the MSP base that are security specialists and pitch themselves as MSSPs accounts for a maximum of 8% of the total base, according to the analyst.
“It’s incredibly important that the vendors invest in the skills to back that growth up,” he said. “Because while it’s true that we don’t have the same level of compliance and cyber insurance requirements in Europe, in the US we are getting there.
“The message to the vendors is they have to hire far more analyst skills in SOCs and threat analysis to fill that gap,” said Ody. “AI is doing a great job in many things, but it’s not filling that gap yet.
He said vendors had recognised the problem and that many were making sure they delivered MDR services that were fully supported to those partners, including MSSPs, that were not in a position to do so themselves. “That’s a huge growth area ... but if that’s not backed by an actual response service on the back end, the customers aren’t getting what they want,” said Ody.
He highlighted the problems some MSPs were experiencing in the US, where they were being sued by customers that had been breached, as one of the risks of failing to support services with skilled expertise.
Some vendors have stepped up their hiring activity, but Ody said there was still a significant gap that needed to be filled.
“I think at the moment, where we’re seeing a soft estimate probably about three times below, there is about a 300% gap between where we are now, [in terms of] capability, and where we could be based on the demand,” he said.
