Trends in Managed Services 2022 by CompTIA shows the evolution in cybersecurity threats and the rise in cybersecurity offerings among MSPs. We cannot ignore cybersecurity as we continue to watch the MSPs of the future. What was once a minor component of an MSP’s portfolio is now critical to the continued competitiveness and legitimacy. The bottom line? Customer engagements around technology and business solutions must include cybersecurity awareness.
Here are some stark statistics from CompTIA’s 2021 State of Cybersecurity Report:
This report reveals that cybercriminals continue to expand their arsenal of techniques and attack methods. A single data breach can cost a company millions, as well as a lot of time and a bad reputation. Malware and viruses remain a major concern. These problems are made worse by new types that attack other parts of a company’s defense strategy. While supply chain attacks continue to increase, such as those that affected Solarwinds in late 2020 or Kaseya recently, ransomware’s insidious mode of operationandi continues to grow. These malicious-style attacks are paralleled to the more common threat of benign human error, which upends cybersecurity at every level of organizations every day. SurgInto this mess steps the MSP as the steward of its customers’ technology environment. In years past, cybersecurity was a limited set of products offered by MSPs. Think antivirus and firewall software. Many MSPs will admit that they were behind the times, or even a bit overwhelmed by the need for more advanced cybersecurity techniques and services.
Get the Trends in Managed Services 2022: Cybersecurity Infographic Now!
Cybersecurity: MSPs Join the Fray
Many MSPs are awakening to this fact today. MSPs identified cybersecurity expertise as the number one priority a year ago. MSPs cited cybersecurity expertise as the number one driver of success over the next two years. Flash forward to today and more than half (54%) of MSPs continue to think that cybersecurity expertise and deep skills (penetration testing and ransomware protection) is a key factor in their business’ success. However, 4 out of 10 MSPs still believe that offering cybersecurity at a basic level can have a moderate effect on their success. A small percentage (5%) of MSPs, most of whom have fewer than 10 employees, consider cybersecurity to be a minor part of their company’s prospects.
MSPs, whether they are pure play or hybrids, report an improvement in their cybersecurity skills and a broadening their offerings over the past 12 months. This is good news. 28% of MSPs admitted that they were either behind their cybersecurity targets or still in the experimental stage with cybersecurity services in 2021. This number fell by half to 14% in 2022. The progress made in 2022 was even more impressive for those who had reached their cybersecurity goals by 2021, or were on track to do so in the next two years. Two thirds of MSPs fell within one of these categories in 2021, but 85% did it this year.
Many MSPs are seeing a rise in cybersecurity focus and advancements in revenue. Cybersecurity accounts for between 10% and 50% of total revenue for 77% of MSPs. What’s even more fascinating is the percentage MSPs who believe cybersecurity dollars will account for more than half their total revenue within two years. This group has doubled to 16%, compared to the 8% who claim they are achieving this amount today.
These positive revenue gains were not possible without taking action. MSPs have taken a variety of steps over the past few years to improve their cybersecurity skills and expand their portfolios, despite the ongoing pandemic which has slowed investment for many companies in and outside the channel.
These actions can be classified into two types: those that are internal to staff/human resources or those that involve in partnering.
These percentages are fairly evenly distributed across the three human resource-related actions. Fourty-two percent (42%) of MSPs reported that they have hired staff with cybersecurity skills in the past year. These skills could include expertise in data, endpoint, apps, and network security, as well as knowledge in identity management, data analysis and penetration testing and/or cryptography. Targeted hiring can also be used to increase your skills in other areas, such as finding.