MSP, Content, Sales and marketing, Networking

Can MSPs Grow Annual Recurring Revenue (ARR) 20% In A Sustained Way?

Male hand supporting the top step in staircase of wooden pegs with a glowing light bulb above it.

Can MSPs generate 20% annual recurring revenue (ARR) growth in a sustained way over the long-haul? To do so, MSPs would need to grow roughly twice as fast as the overall managed IT services market, ChannelE2E notes.

For some clues about where and how to grow, MSPs may want to steal a few pages from the Datto game plan. Indeed, CEO Tim Weller is positioning the MSP-focused technology company to deliver 20% sustainable revenue growth. How so? The answer involves a four-point plan that Weller described to Wall Street analysts on February 23, 2022.

The four-point plan, Weller noted, involves:

1. "The massive and expanding global MSP industry and our leading position within it."

Tim Weller, CEO, Datto
Tim Weller, CEO, Datto

The context: Datto serves more than 18,500 MSP partners — up 9% from 1,500 from the previous year. Moreover, roughly 1,400 of the MSPs spend at least $100,000 annually with Datto, the company indicated.

No doubt, the MSP market is growing. Most of the figures we see involve about 8% to 12% annual growth in the SMB IT services sector (depending on year and region). That's well-short of Datto's target 20% growth rate. But hot market segments such as managed security services (16% annual growth for best-in-class MSSPs) and managed detection and response (MDR at 16.7% annual growth) could help Datto to achieve and maintain its growth goals -- though the company will likely need to take market share from established and emerging rivals.

2. "Our product portfolio addresses the security needs of MSPs and their clients."

Originally known for backup hardware appliances tied to cloud services, Datto has aggressively expanded to offer cloud-centric software that allows MSPs to manage, monitor and safeguard SMB networks.

Ryan Weeks, CISO, Datto

Within the security market, Datto has developed and acquired a mix of people, products and processes help mitigate risk -- both internally and across its MSP partner base. For instance:

  • People: CISO Ryan Weeks has scores of direct reports. We don't know the exact number, but it's substantial.
  • Process: Datto was one of the MSP industry's early adopters of the NIST cybersecurity framework.
  • Product: In addition to home-grown data protection capabilities (such as the new Datto Continuity for Microsoft Azure), Datto acquired Infocyte for Endpoint Detection and Response (EDR) technologies and Managed Detection and Response (MDR) services. Also, Datto acquired Bitdam for threat detection capabilities.

Still, it's important to put Datto's progress in the cybersecurity market in context. The Infocyte acquisition essentially was a tuck-in deal. Indeed, Infocyte had been venture-backed — having raised $5.2 million in Series B funding from Toba Capital, LiveOak Venture Partners, and Feik Enterprises in 2018.

Within the MSP security market, the Datto-Infocyte deal counters:

All of those deals compete in some ways with Blackpoint Cyber, Huntress and other businesses that offer MDR to MSPs.

Meanwhile, many EDR companies are now massive, publicly held entities (examples: SentinelOne and CrowdStrike), and some MDR companies are privately held unicorns with valuations that exceed $1 billion (example: eSentire).

Roll all those points together, and Datto has a big base of loyal MSP partners and a growing portfolio of security options -- but cyber competition is intense.

Andrew Morgan, founder, Right of Boom
Sounil Yu, CISO, PlanetOne

MSP Security Sales: So, how can MSPs grow their own security revenues? I believe some answers surfaced during the Right of Boom conference -- hosted by Andrew Morgan and held in February in Tampa, Florida.

  1. Start by practicing proper security. That involves embracing the NIST cybersecurity framework, embracing the proper cybersecurity controls, and asking all of your MSP software suppliers these 10 security questions.
  2. Next, study the Cyber Defense Matrix from Sounil Yu, CISO of JupiterOne. The matrix helps MSPs to map and measure their security posture -- and customers' security posture.
  3. Finally, understand handoffs and responsibilities between MSPs, MSSPs and end-customers (see item 14 in this story, recapping the Right of Boom event).
  4. Decide whether your MSP is going to offer Left of Boom cyber services (i.e., pre-cyber event or breach) or Right of Boom cyber services (i.e., cyber recovery & investigation services) or both. Basically, find your focus. You can't do it all.

Once you have those four foundational steps in place, your MSP is better prepared to develop, package, price and deliver specific cybersecurity services.

3. "The many levers of growth in our unique sell-through business model."

Af first glance, that's a generic statement without much detail. But take a closer look at that "sell-through" concept. Basically, Weller is saying that Datto "sells through" MSPs to reach the small business market. Meanwhile, some of Datto's rivals lean more heavily on a "sell-to" model directly to the MSPs. Both models are effective for engaging MSPs. But the sell-through model scales far more effectively and rapidly because their are millions of small business that can consume Datto's offerings (via MSPs).

Indeed, MSPs can only consume and pay for so much software on their own -- which somewhat limits the sell-to model. In contrast, MSPs can leverage the sell-through model to engage and monetize more and more customer endpoints/users, across more and more end-customer businesses. Translation? The sell-through model -- if leveraged correctly by MSPs -- is only limited by how far and how effectively MSPs manage to scale their sales, onboarding and support teams.

4. "The major international opportunity."

Roughly 30% of Datto's revenues come from outside the United States. Some of the early momentum involved merging with Autotask in 2017. Autotask was based in Albany, New York. But the company had localized its software to support MSPs in multiple regions worldwide. Datto piggybacked that early Autotask work to expand more rapidly across the United Kingdom, Australia and several non-English speaking countries.

"We see an opportunity to grow our global presence even further," Weller told Wall Street analysts during the February 2022 earnings call. "Our first wave of international growth came largely from English-speaking countries, and we still see great potential in these regions. The next evolution is more broadly localizing our solutions for non-English speaking countries. And we are investing in global technology platforms, new people and processes and some key partnerships. This will be a pivotal year in opening up this next frontier of global opportunities for Datto."

Admittedly, smaller MSPs may not be in a position to grow beyond their local cities -- and leaping into foreign markets may be an intimidating, impossible or unwise move.

Still, M&A activity involving MSPs across international borders has accelerated in recent years. Also, MSPs have been partnering with each other and/or distribution businesses to better serve international customers.

MSP Growth: Optimize for Profits First

Amid all the growth tips and considerations above, keep the following tip front-and-center: Optimize your MSP business for profits before you seek to greatly accelerate your ARR growth. Keep in mind:

  • Roughly 25% of MSPs are break-even or losing money. Yes, losing money.
  • Roughly 50% of MSPs have EBITDA margins of roughly 8%.
  • Best-in-class MSPs -- the top 25% of the market -- generate EBITDA margins of roughly 18% or more.

Those stats, which I'm paraphrasing for the sake of simplicity, come from Service Leadership (now owned by ConnectWise).

Joe Panettieri

Joe Panettieri is co-founder & editorial director of MSSP Alert and ChannelE2E, the two leading news & analysis sites for managed service providers in the cybersecurity market.