Cybersecurity has always been a part of an MSP’s portfolio of services. In 2022, however, it is essential and mission-critical to any company’s ability to stay competitive and credible. The reality is that no customer-facing technology or business solution should exist without security considerations.
CompTIA’s 2021 State of Cybersecurity Report
The threat landscape continues to loom large, increasing both the number of attacks and methods used. A singular data breach could be exceptionally costly to an organization – upwards of several million dollars. Breaches also waste significant amounts of time and can severely damage public reputation. Malware, ransomware, and viruses are still a serious concern, made more challenging by new methods of attack. Supply chain attacks continue to occur, while ransomware also proliferates the landscape. The more common threat of human error is also still a factor, thwarting user-level security.
The MSP has entered the scene as the protector of its client’s technology environment. In the past, cybersecurity existed as a standard offering from an MSP – including components such as antivirus and firewall software. Over the last several years, MSPs have been forced to implement increasingly sophisticated cyber security services.
In 2020, MSPs cited the need for updated cyber expertise, and in 2022 more than half (54%) continue to assert that cybersecurity skills and specialization are necessary features of MSPs – services including penetration testing, ransomware protection, cyber insurance, and compliance offerings.
In general, MSPs have significantly improved their cybersecurity skill sets over the last two years to meet the rise in cybercrime.
- In 2021, 28% of MSPs acknowledged being behind their cybersecurity services goals
- In 2022, that number dropped by half, to 14%.
- Cybersecurity accounts for 10%-50% of revenue for 77% of MSPs.
- 16% of MSPs report that cybersecurity dollars will make up more than half of their total revenue by 2024.
In the last two years, MSPs have employed many methods to gain more proficiency in the cybersecurity market.
- In the last year, 42% of MSPs hired employees with specific cybersecurity skill sets including applications, network security, identity management, data analysis and penetration testing.
- MSPs are also hiring personnel that comprehends the regulatory and compliance landscape or are able to train people on cybersecurity best practices.
- 41% of MSPs retrained their existing employees to update their cybersecurity skills.
- 36% of MSPs paid for their existing team to obtain cybersecurity professional certifications.
- 44% of MSPs report that they partner with peers to address cybersecurity skills gaps.
- 36% of MSPs have increased cooperation with vendors or other security resources to address cyber concerns.
Final Thoughts from the Study
MSPs have primarily addressed their internal security posture issues by increasing their cybersecurity budget. Other initiatives include investing in the education and certification of personnel, working closely with vendors, and hiring a chief information security officer (CISO) onto the staff.
The 2022 study had a very upbeat conclusion. While in 2021, 62% of MSPs were “very concerned” about cyber threats to their network, that number dropped drastically to 38% this year. While presumably not resting on their laurels, the confidence indicates MSPs are seeing good results from their initiatives and efforts.
Alliance IT is a Sarasota-based managed services firm. We provide a wide variety of services, from cloud services and security compliance to consulting and disaster recovery.
