Customers increasingly expect MSPs to manage their cybersecurity infrastructure, according to new research by CyberSmart.
The survey of 250 senior leaders at UK-based MSPs found that 65 per cent of MSP customers now expect their provider to manage either their cybersecurity infrastructure or both their cybersecurity and IT infrastructure.
Traditionally, MSPs have been expected to manage IT infrastructure for their customers, but now they are increasingly expected to protect this infrastructure too.
This interest in Managed Service Providers’ security capabilities has been noted by the MSPs surveyed in new business/RFP meetings, where 73 per cent suggested either somewhat more (51 per cent) or much more (22 per cent).
The expectation that MSPs should manage security as well as IT can be viewed as a response to the security capabilities which their customers have in-house: 37 per cent of respondents indicated that only 20 per cent or less of their customers have a specific cybersecurity role in-house, reflecting the need for MSPs to take ownership of cyber on behalf of their customer base.
This is reflected in strategic and structural changes taking place at MSPs. Respondents indicated they had made the following changes in the past 12 months:
• 33 per cent had increased the associated budget for their security capabilities.
• 28 per cent have increased the associated budget for their regulatory capabilities.
• 28 per cent have made specialist cybersecurity hires.
• 14 per cent have made specialist regulatory hires.
“This change in customer expectation and need reflects a sea-change in how managed service providers need to operate,” said Jamie Akhtar, co-founder and CEO at CyberSmart. “Managed service providers are a lifeline for many SMEs and the underappreciated backbone of much of our economy’s IT infrastructure as such.
“As IT and cybersecurity threats become increasingly intertwined, it makes sense that managed service providers would begin to offer more security services. However, as previous research has indicated, MSPs themselves are vulnerable to cyberattacks.
“It’s important that they - and the wider security industry - do all that they can to empower MSPs to provide the security services they are now expected to with absolute confidence.”