SMB Cybersecurity Research: The MSP Opportunity Explained

Credit: Getty Images
Author: Jay Ryerse, VP, cybersecurity initiatives, ConnectWise
Author: Jay Ryerse, VP, cybersecurity initiatives, ConnectWise

Cybersecurity has become a business-critical concern for small and medium-sized businesses (SMBs). Vanson Bourne conducted research on our behalf so we could fully understand the challenges that SMBs face and how MSPs can meet their needs. In light of their report, “The State of SMB Cybersecurity in 2022,” we believe there is a significant market opportunity to help SMBs protect against cyberattacks. 

Not surprisingly, small businesses are woefully underprepared to deal with the massive volume of new threats they face daily. According to Vanson Bourne’s report, their owners have little IT cybersecurity experience, so they often don't know what questions to ask or how to prioritize their limited resources. Two in three (67%) SMBs admit that their organization lacks the in-house skills to deal with cybersecurity issues properly. 

That's where managed service providers (MSPs) come in: MSPs can provide invaluable support through their knowledge of best practices and deep understanding of technology platforms across many industries. Meeting this need is an opportunity for MSPs to serve SMBs better while also growing their business. If you haven’t already, we recommend offering cyber-as-a-service to meet this market opportunity. Bundling hardware, software, support, and services into a simple package benefit both MSPs and SMBs.  

Read on to learn what the research uncovered and how MSPs can support SMB businesses.

The state of SMB cybersecurity

SMB cybersecurity has reached a point where it's no longer adequate for businesses to simply know what data they have and how it is protected. Today, companies must also understand how malicious actors operate—and what steps to take to prevent cyberattacks. They also need help navigating this space while staying focused on their business goals. 

The good news is that most SMBs are already taking positive steps toward improving cybersecurity, especially in light of the recent breach-related headlines. The research found that 73% of respondents agreed that their organization had reached a tipping point where cybersecurity concerns demand action, with 79% planning to increase their cybersecurity spending next year. While almost all (99%) say they're now using cloud services or software, only 22% feel confident that it's secure.    

Why MSPs must evolve their business model

Implementing cybersecurity best practices has long been a part of top MSP business plans and now represents a significant growth opportunity. We discovered three reasons that improving protection for customers is more urgent than ever:  

  • The need for innovation: The cybersecurity threat landscape is evolving at an accelerated pace, and the protection landscape needs to evolve in tandem. New vulnerabilities, threats, and attack vectors are being discovered daily, with an average of 1,500 new malware samples released daily in 2017 alone. The number of cyber incidents has increased by more than 300 percent since 2016, according to the 2019 Symantec Internet Security Threat Report. In addition, attacks are becoming more sophisticated. Hackers now use AI-based tools to automate processes while also targeting vulnerabilities found in third-party services such as cloud computing providers or IoT devices used by customers. 
  • Customer expectations are higher than ever before: Customers expect their MSPs to have the ability and expertise to provide them with rapid response times as needed to continue running their business operations without disruption. Customers also require that MSPs offer proactive monitoring against cyberthreats instead of reactive responses after an incident. They also want lower prices but higher-quality service from their MSPs, while vendors want higher margins from selling additional services through managed service offerings (MSE). 
  • Competition is heating up: Many managed security service providers (MSSPs) are entering the fray despite struggling with how best to grow their businesses amid increasing customer expectations. Retaining competitive advantages to stand out in this increasingly crowded market is crucial and represents an opportunity for MSPs to grow their business. 

How MSPs can help SMBs establish cybersecurity best practices

The first step for MSPs is to ensure they understand their clients' businesses. MSPs can then use the right tools to help clients manage their specific risks, establish a cyber defense, and stay compliant with regulations. They can also be proactive and transparent about what they do and why they do it and make themselves accessible so clients can ask questions if they have them.  

For example, if an MSP uses remote access tools in their services offering but doesn't explain how or why they use them—to say nothing of being flexible on pricing options—they miss the opportunity to build the kind of trusting partnerships with clients that can evolve into long-term business relationships. Businesses that work closely with MSPs often benefit from happier workers who are more productive at work because cybersecurity concerns don't distract from their mission. They have less downtime due to cyberattacks and experience fewer lost opportunities due to regulatory compliance issues. 

Start selling cyber-as-a-service today: Eight questions to ask

To start selling cyber-as-a-service today, you need to begin with a clear understanding of your customer's needs and challenges. You also need to clearly understand your capabilities and how you will price and package this service for sale. 

As outlined above, the first step is understanding the customer's needs and challenges. Some initial questions to consider include:  

  1. Do they have an existing incident response plan?  
  2. Are there currently any gaps or weaknesses in their IT cybersecurity posture? If so, what are they doing about it?  
  3. Do they have the resources in-house, or are they looking externally for help? 
  4. How much attention do they pay to cybersecurity news and updates from vendors like Microsoft or Cisco (or even smaller vendors
  5. like Carbon Black)?  
  6. What kind of budget do they allocate for IT cybersecurity each year?  
  7. How much are they willing to spend on further improvements via a managed services provider (such as yourself) that can offer expertise across multiple platforms?  
  8. Are they interested in adding the capability to address multiple concerns with one vendor (you) rather than just focusing on their own narrow, specific toolset or adding multiple vendor solutions? 

Learn more about what MSPs should know about cyber-as-a-service here. 


MSPs can be the solution to SMB cybersecurity woes. They have a unique opportunity to evolve their business model and become trusted advisors for their small business customers. MSPs could partner with organizations that provide complementary services, such as cybersecurity software vendors or third-party auditors, to ensure comprehensive coverage for their clients' IT environments. If MSPs expand their offering beyond essential monitoring and management, helping their SMB customers improve their cybersecurity posture will result in better business for all parties.

This guest blog is courtesy of ConnectWise and authored by Jay Ryerse, VP of cybersecurity initiatives. Read more ConnectWise guest blogs here. Regularly contributed guest blogs are part of ChannelE2E’s sponsorship program.