Companies are finally realizing that cybersecurity threats aren’t just a passing fad — they’re here to stay, and they must be taken seriously. For many, it’s a lesson they’ve unfortunately had to learn the hard way. According to the Ponemon Institute’s 2018 State of Cybersecurity in Small and Medium Sized Businesses report, 67 percent of SMBs have suffered a cyber attack, with each attack costing an average of $383,365 in damage, downtime, and disruption.
For many of those companies, finding the will to improve security is no longer the problem — it’s finding practical ways forward without the benefit of in-house security expertise. The same Ponemon report found 74 percent of SMBs acknowledge they don’t have sufficient personnel to address IT security. Nearly half admit they have no understanding of how to protect themselves from today’s modern threats. It’s no surprise, then, that the majority are turning to managed services.
According to a recent Webroot study, 65 percent of SMBs currently procure IT services from an MSP or MSSP (managed security services provider). And 85 percent plan to increase spending on managed security services, in particular, over the next two years.
MSPs are reacting accordingly, with many racing to adapt their current service offerings to address this rapidly growing — and highly profitable — need. For 52 percent of the MSPs surveyed by Webroot, managed security services already make up 21 - 50 percent of their total revenue. But many see that as just the tip of the iceberg — 47 percent of MSPs expect revenue from managed security services to increase more than 20 percent over the next five years.
If you’re an MSP and you’re currently only offering basic security services such as firewalls and antivirus you’re in danger of missing the boat. Consider the following three reasons why extending your offerings and becoming an MSSP (managed security services provider) makes good business sense.
1) Your Customers Are Struggling to Hire IT Security Talent
The Center for Strategic and International Studies (CSIS) and Intel Security polled 775 IT decision makers who are involved in cybersecurity within their organizations and shared the results in a report, Hacking the Skills Shortage. One finding was that 82 percent of respondents reported a shortage of IT security skills at their company. Some of the specific skills missing included intrusion detection, secure software development, and attack mitigation. And, this shortage of IT security talent is driving up salaries for qualified candidates, making it even more difficult for companies to fill security vacancies.
An MSSP is the perfect solution to this problem. By spreading a qualified candidate’s salary among multiple customers, an MSSP can cover its costs (plus earn a profit) at a fraction of what a company would pay to hire an IT security specialist. Plus, by honing its security expertise, an MSSP can develop a broader range of skills compared to what one employee can attain. It’s truly a win-win.
2) Your Customers Are Primed For The As-A-Service Sales Model
With businesses becoming more accustomed to subscription-based IT services such as Office 365 (i.e., Outlook, Word, OneDrive, SharePoint), the concept of paying yearly (or even monthly in some cases) for IT services is becoming more widely accepted, especially among small to midsize businesses that understand this model gives them access to enterprise business features while staying within their budgets.
Your customers may already be receptive to applying the same subscription model to their IT security needs. Instead of purchasing security appliances and software licenses with limited capital funds (i.e., Capex), they may welcome the idea of an investment that offers up-to-date protection for a monthly fee.
3) Your Customers Need Cybercrime Education
Another factor driving companies to outsource IT security is the high rate of cybercrime and new forms of attacks that are becoming increasingly insidious. Whether it’s the rise of coordinated ransomware attacks, malware aimed at mobile computers, or emerging IoT (Internet of Things) security concerns, many companies are feeling overwhelmed.
MSSPs can play an invaluable role in educating customers about existing and emerging threats, helping clients develop security policies and procedures, assessing customers’ current security solutions, and recommending ways to reduce areas of vulnerability in a cost-effective manner.
All signs point to managed security services being a huge opportunity for MSPs. After all, your customers already trust you to keep their computers and servers up and running. It only makes sense to take the next step and continue to build trust that you can reduce their security risks, and, if a problem does occur, you’ll be there to quickly mitigate it.
Today's MSPs have to accept that being the target of a cyber attack isn't a matter of if but when. While securing your MSP business against modern threats may seem intimidating, the important thing to remember is that you don’t need to do everything at once. You just need to take the first steps and put a plan in place for gradual improvements. Focus on one thing at a time to minimize overwhelm and remember any improvements you can make now will be worthwhile and far less time-consuming/expensive than dealing with an active attack.
To help you get started, download our new checklist packed with practical tips and links to free resources.