Dive Brief:
- Internal IT teams and outsourced IT providers share cybersecurity priorities, but the latter outpacing its investments according to a Sapio Research survey commissioned by Cynet.
- The survey of 800 managed service providers and 800 in-house IT teams of SMBs across nine countries found that both groups ranked identity security, email and phishing protection, cloud and SaaS security as their top three cybersecurity capabilities. However, 89% of MSPs planned further investments in cybersecurity tools this year, compared to 78% of SMBs.
- MSPs are ahead on AI adoption, with 64% having embedded AI into their remediation and response operations, compared to 48% of in-house teams. MSPs are also using an average of eight cybersecurity tools, compared to five for SMBs.
Dive Insight:
Outsourced IT teams and internal IT teams share priorities but are investing at different rates. That reflects how an MSP is structured differently from a small business's internal IT.
Matt Rose, chief experience officer at Florida-based MSP Tech Rage IT, said both groups attend the same conferences and hear the same messages about cybersecurity. However, they vary widely in their scope.
“We are dealing with many companies, not one,” Rose told Channel Dive. “We build diverse teams that have to help us get through these problems.”
MSPs’ wide aperture across IT environments has exposed them to more security tools, and more recently, AI tools. That’s one of the reasons 64% of MSPs have baked AI into remediation and response operations versus 48% of internal IT teams.
“I think it proves why MSPs can bring value in a co-managed situation,” said Rose.
Many of the internal teams are actively working with an MSP for cybersecurity; 27% used an MSP for security, 44% operated in a co-managed model and 29% managed security on their own. Compliance and reporting was the capability internal teams most preferred to run in-house, and cloud and SaaS security was the category they most preferred to adopt externally.
More than half of MSPs said ransomware was the most common threat encountered versus 38% of in-house teams. MSPs ran into business email compromises roughly as often as SMBs, but organizations using in-house teams reported far more incidents than MSP customers.
Tech Rage IT is eyeing AI governance this year as part of its cybersecurity investments. Rose said many customers don’t understand the full risks associated with adopting LLMs and agents. While businesses can easily wrap their heads around the dangers of phishing and ransomware, AI awareness feels complex, Rose said.
“I think it's really hard to demonstrate to somebody besides what it sounds like fluff right now,” he said. “We're trying to do more on that. There's a million things to do, but that's just something I think is going to blow up in everyone's face one day, and I'd like to try to get ahead of it.”