top of page
Search
emanuelmarkskog79

Why aren't MSPs offering more cybersecurity services?


Gridheart cyber security

Cybersecurity is a field that continues to grow stronger in the market and becomes more in demand as technology evolves. Despite this, many MSPs only offer the most basic security services. This raises the question: why aren't MSPs offering more cybersecurity services?


Why aren’t MSPs offering more cybersecurity services?


Some reasons are immediately apparent: Cybersecurity services can be expensive to develop. It can be challenging to find professionals to manage them, and many MSPs do not want to take on the risks associated with the industry itself.


However, not offering a sufficient cybersecurity solution can also be risky. Many customers genuinely need help securing their data, and if you can’t help them, they will find someone else who can.


Fortunately, it is not that complicated for MSPs to get started with offering cybersecurity services. In fact, if MSPs prepare well, there are virtually no obstacles at all for them to launch a well-equipped cybersecurity operation.


Don’t most MSPs already offer cybersecurity?


Yes and no. Data security is so important that it’s hard to imagine a service provider that doesn’t offer it. In an informal survey of MSPs, 92% of participants said that it is impossible to be an MSP today without offering cybersecurity.


However, cybersecurity in this case has a very broad definition. The survey defined it as "billing the client directly for a service whose sole purpose is to 'secure' something or someone." This can mean something as relatively simple as offering antivirus or patch management. This is probably why, according to another survey, 99% of MSPs already offer cybersecurity services.


While a fast-food restaurant and a Michelin-starred restaurant are both restaurants, they are hardly the same thing. They serve different purposes and audiences. Both can generate significant revenue, and many successful dining establishments fall somewhere between these two categories. The MSP market for cybersecurity is somewhat similar, ranging from providers offering the simplest services to MSSPs, who focus almost entirely on security and offer complex services (the second "S" stands for security).


There is growth in cybersecurity for MSPs

'

The real problem is that many MSPs do not offer enough services in the cybersecurity space. Many could offer services similar to those of MSSPs without necessarily becoming an MSSP. In other words, they could still provide essential functions beyond cybersecurity while also offering services that actively protect their clients' data. Given the projected growth in the MSP cybersecurity market, they should do so. However, many still do not.


Choosing not to enter the market for cybersecurity services is essentially the same as walking away from large amounts of money. Growth in the area is happening right now. Canalys predicted that revenues for managed cybersecurity services would grow by 15% in 2024. More specifically, they predicted that revenues for Managed Detection and Response (MDR) would increase by a whopping 50%.


Common misconceptions that hold MSPs back from climbing the cybersecurity ladder


Offering cybersecurity services is not easy. There are some common misconceptions that prevent MSPs from taking the final step. Here are some of these misconceptions and how MSPs can overcome perceived obstacles:


Hiring cybersecurity experts is difficult and expensive

On the surface, this is true. But it does not necessarily have to be. For instance, the largest wave of layoffs in the tech sector in almost 25 years has left many cybersecurity professionals unemployed. Because of this, with a creative recruitment strategy, MSPs can find excellent individuals to manage cybersecurity without having to pay a high premium.


Cybersecurity infrastructure is difficult to manage

This issue goes hand in hand with the hiring challenge. Maintaining a relatively comprehensive cybersecurity practice requires time, expertise, and investment. This is one reason most MSPs do not offer complete cybersecurity services and instead opt for something relatively simple to set up, such as antivirus or patch management.


The real growth, however, lies in services such as MDR, EDR, and XDR. These functions were the driving force behind 34% of MSPs expecting more than 20% year-on-year growth in cybersecurity revenue going into 2024.


Fortunately, MSPs do not have to go it alone when entering new areas of cybersecurity. Canalys reports that half of MSPs now operate in a hybrid delivery model for managed services, collaborating with vendors, other MSPs, and even customers' IT teams to offer more comprehensive cybersecurity services. A vendor that offers easy-to-use security solutions, excellent support, and regular training can be an important catalyst for MSPs looking to expand their cybersecurity offerings.


There is too much risk in offering comprehensive cybersecurity services

There is no denying that many clients who suffer a data breach will point to a failure on the part of an MSP security provider as the cause of the attack. It’s part of being in the security business. MSPs can potentially be held liable for customer damages.


However, none of this should scare MSPs away from boosting their cybersecurity offerings. MSPs need to be upfront about the services they provide; anyone working in cybersecurity knows that you can’t promise that a breach will never occur. A smarter strategy is to explain exactly what your security services do and how they can help clients respond to or minimize damage from an intrusion.


Additionally, both MSPs and their clients should invest in cyber insurance. It is the most effective way to protect companies from liability issues, and it generally is not a large investment in terms of cost. MSPs can market cybersecurity services as a way to help their customers reach a protection level at which they can purchase cyber insurance. Most insurance providers have minimum protection requirements that a company must meet before they can open a policy.


Do you have questions or want more information about this? Feel free to contact us here, and we will help you with everything you need :)


Comments


bottom of page