There’s a systemic cybersecurity problem in the IT world. Managed service providers (MSPs) and their SMB customers are treading dark waters trying to pull together realistic security strategies and approaches that will alleviate the repercussions they have been experiencing. For the SMBs, much of the problem can be attributed to the fact that they are lacking the necessary tools to proactively and reactively defend against threats and attacks. And for the MSP, much of the focus is looking in-house to evaluate the amount of training, skills and education their IT staff has to instill confidence in their customers.
Many SMBs recognize cybersecurity as a critical element to their organization, and lately, it has become a determining factor in whether they hire an MSP. Why? Because these businesses are feeling too vulnerable on their own. Cybercriminal methodologies are continuing to evolve, and their attacks are becoming more complex, more sophisticated and more targeted at the SMB. The risk of rolling the dice on a managed service provider that is ill-equipped to handle such threats is no longer in the cards as businesses realize they can’t hide from the fact that they have so much to lose.
If an SMB falls victim to an attack, the resulting financial toll can be massive. Sixty-four percent of these businesses have experienced a cyberattack, costing them nearly $54,000 on average, according to a 2019 report commissioned by Continuum. Businesses of this stature cannot afford to take hits like these, and therefore will seek out the MSPs that can support them in their effort to proactively defend against cyberthreats. What’s more, we’re finally seeing the pendulum swing as SMBs recognize this need for cybersecurity and begin to invest in it. In fact, according to Continuum’s report, SMBs are willing to spend 27% more for the right cybersecurity offering. For MSPs, this opportunity is ripe for the picking, but first, they must gain a better understanding of their customers’ needs and offer the right solution to address them.
The Root of the Problem
What’s troubling, though, is that MSPs are facing similar challenges to their SMB customers. In our latest study, “Under Attack: The State of MSP Cybersecurity in 2019,” we found that 74% of MSPs have suffered a cyberattack themselves. A new complex is unfolding where MSPs are now the target, and this is throwing them for a loop. On top of defending their customers’ businesses against cyberattacks, they must also protect their own business.
But why are these attacks on MSPs happening? It all boils down to one simple explanation: access. Recognizing that MSPs hold the keys to the kingdom for numerous SMB customers, cybercriminals have found a serious opening. And this just goes to show how the time has come for MSPs to embrace this harsh reality and come to the consensus that if they can’t protect themselves, they can’t truly protect their customers.
Yet one of the more interesting trends we uncovered through this study is that MSPs seem to be grappling with customer expectations. When asked about the benefits of working with an MSP, around half of SMBs said they expect increased security. However, MSPs’ confidence is not quite matching this expectation. In fact, 67% of MSPs admit that they are not fully confident in their ability to defend their customers against a cyberattack.
Like many issues, a lot of this problem comes down to education and skillset. It’s no secret that the IT industry continues to face the epidemic of a widening skills gap, which is very much relevant to these MSPs that are not confident in their security abilities and are struggling to defend their customers. Lack of skills and resources continues to be a significant challenge for MSPs, especially when it comes to cybersecurity. Our study found that 40% of MSPs say they fail to obtain and retain the skills necessary to deliver their cybersecurity services. With a market that is constantly under fire from cyberthreats, this is a challenge that must be addressed—and quickly.
Address MSP and SMB Challenges
Whether it’s through short presentations on security best practices, end user training or robust certification programs, education needs to be stressed in this industry, and this poses as an enormous opportunity for MSPs as we look ahead to 2020. Proactive education is a chance for MSPs to step in and be viewed as a trusted adviser in the eyes of their customers. Now more than ever, it’s important for MSPs and their customers to consider incorporating these types of programs into their IT strategies if they haven’t already.
Identifying where to begin can be the biggest challenge for any organization looking to right the ship, but the process can be facilitated by starting small. In this case, addressing the fundamentals is a viable starting point for both MSPs and SMBs where both parties acknowledge that success will come from placing a deeper focus on the educational element of their respective businesses.