First, the good news: The channel now accounts for more than $24 billion in quarterly cybersecurity spending.
But there’s a downside. The rate and impact of attacks are soaring as hackers target weaknesses that partners are expected to manage.
Those findings come courtesy of two new reports that help illustrate the cybersecurity opportunities and challenges facing managed service providers, managed security service providers and other channel firms.
Research conducted by Omdia, a Channel Dive sister company, found that 91.7% of global cybersecurity technology spend — or $24.2 billion in 2025’s fourth quarter — flowed through partners. Total cybersecurity outlay amounted to $26.4 billion. The data underscore the channel’s dominant role in how security is delivered.
However, SonicWall’s Cyber Protect Report reveals that many organizations’ cybersecurity investments are failing to translate into better outcomes. End users still are falling prey to basic, preventable security gaps — the very leaks partners are supposed to plug.
“The stolen password, not the zero-day, is the attacker's weapon of choice,” SonicWall said in the report.
Given that most cybersecurity spend now goes through the channel, partners must take these issues seriously.
In 2025’s final quarter, cybersecurity technology spending through the channel grew 10.3% year over year, with the largest, often more services-led partners expanding even faster at 18.9%, per Omdia. Much of the boost stems from hyperscaler marketplace transactions, wrote Matthew Ball, chief analyst, channels, at Omdia, Channel Dive’s sister company.
Omdia projects cybersecurity spending through AWS, Azure and Google Cloud to increase 33.9% to $10.96 billion just this year and reach $31 billion by 2030. In fact, Ball wrote, “hyperscaler marketplaces remain the fastest route-to-market.”
For MSPs and MSSPs, growth has become more closely tied to services and execution than to product resale. And that trend aligns directly with the operational failures SonicWall highlights.
According to the cybersecurity vendor, high- and medium-severity attacks rose 20.8% to more than 13 billion hits last year. This happened not because attackers grew more active, but because they were more precise. They are targeting areas such as unpatched systems, weak authentication and over-permissive access, SonicWall said. Much of this is happening among SMBs, where relying on MSPs and MSSPs proves essential, the vendor added in its report.
"The organizations that suffer the most are not failing because of sophisticated attacks; they’re failing because of predictable, preventable gaps," said Michael Crean, SVP and GM of Managed Security Services at SonicWall. "SMBs are the backbone of the U.S. economy, representing 99% of all U.S. businesses and nearly half of private sector employment. Protecting them protects entire communities."
Access accidents and bad bots
The SonicWall report further uncovered that identity, cloud and credential compromise account for 85% of actionable alerts. This reinforces that the most common attack paths are neither novel nor sophisticated; instead, they’re rooted in misconfigurations and access control issues. Again, poor authentication, wide-open systems and excessive administrative privileges continue to define the primary attack surface, and partners are integral to preventing these gaps.
In the SMB market, where partners play an outsized role, SonicWall found that 88% of SMB breaches involved ransomware in 2025, more than double the rate seen at large enterprises.
The scale and automation of attacks continue to rise. Automated bots now generate more than 36,000 vulnerability scans per second and account for more than half of all internet traffic. Overall, bad bot traffic has surged to 37% of all global internet traffic, SonicWall found.
Finally, nation-state actors are going after SMBs and mid-market organizations now, because these firms “often serve as entry points into larger supply chains and critical infrastructure,” Crean wrote in the report. That is another reason partners must stay on top of these threats: nation-state attacks are no longer confined to governments and large enterprises.
Overall, partners face a tough cybersecurity environment, with more critical alerts, greater pressure to respond in real time, and less margin for error when serving multiple clients.
This development also changes the equation for SMBs. They can no longer try to handle cybersecurity on their own and expect widespread protection, SonicWall noted.
“[W]e deeply believe that partners deliver the best security outcomes,” Crean wrote. “SMBs should not go it alone. MSPs and MSSPs play a critical role in delivering protection at scale.”
At the same time, as SonicWall pointed out, partners must focus on closing foundational gaps rather than devoting all their efforts to advanced threats or new tooling. But they don’t have to do this on their own. More vendors are switching gears to accommodate that same strategy and support the channel. As Omdia’s Ball wrote, “Leading cybersecurity vendors continued to refine their go-to-market strategies, rolling out refreshed partner programs aimed at deeper channel enablement.”