Cybersecurity has evolved from a single line item in the managed service provider catalog to a strategic discipline no channel firm can afford to ignore.
Most IT service providers count security as a core or complementary aspect of their business, driving revenue, defining their brand and focusing their investments, according to GTIA’s State of Cybersecurity report published Wednesday. The trade association surveyed more than 1,100 IT service professionals to assess how partners are building, managing and monetizing cybersecurity practices.
More than half of respondents said they plan to deploy AI-related cybersecurity tools in the next year.
“The biggest takeaway is that cybersecurity … is no longer simply a piece of a portfolio,” Carolyn April, GTIA’s VP of market research and intelligence, said during a September preview of the report's findings. “It is a discipline that is an imperative for all flavors of channel firm — whether that’s MSPs, a more traditional solution provider [or] even a consultant who works in the industry.”
While security is now recognised as essential, many providers still limit their cyber offerings to basic data protection services. MSPs that lack the skills or resources for more advanced capabilities are leaning on cyber specialists to bolster their security offerings.
The trend has created a split between partners that treat cybersecurity as a core pillar and those that still see it as a complementary add-on.
“Most companies today will say that cybersecurity is a strategic piece of their business. It may not be all they do, but they no longer can consider it a side [issue],” said April.
However, not every MSP has the in-house resources or expertise to meet customer demand. As a result, smaller firms are leaning on specialist providers to bolster their security offerings.
“If they are not spending a lot of time and skill and effort on cybersecurity, they are partnering with other firms that do, which is a very smart move,” April said.
The stakes are rising, along with technical complexity.
“It used to be network protection: do you have antivirus, do you have firewall? Today you’ve got so much going on with risk management, cloud security, identity management,” April said.
While many firms remain focused on data backup and recovery, the next few years are likely to create “the haves and the have-nots,” said April. Those that “staff up appropriately, train appropriately and put the resources into that practice” will pull ahead, while others “remain steeped in the basics.”
AI anxiety
AI has already cast a long shadow over the cybersecurity landscape. MSPs are torn between concern and enthusiasm for the technology’s immediate effects.
“We asked, ‘what do you think the biggest impact of AI is going to be on the cybersecurity landscape and your cybersecurity business?’ And most of them were pretty positive. But the number one impact that the respondents cited was that it was a negative.”
Nearly half of IT service professionals pointed to the use of generative AI tools in cyberattacks as a looming issue. Almost one-third of respondents said their organization experienced an attack in the last year.
“They feel like we’re going to have more threats — and more sophisticated threats — coming in because of AI,” April said. "It’s like this yin and yang. It’s either going to eradicate civilization as we know it, or it’s going to be the best thing that’s ever happened, and it’s probably going to be somewhere in between.”
Learning curves
One of the most significant challenges GTIA identified was customer education. Many small companies still believe they have good enough protection and are not likely targets, according to April.
These are risky assumptions.
The consequences of a cyberattack can be fatal for smaller businesses, April stressed.
“[When] a smaller company gets hit … they might be out of business for a couple of days, which, for some smaller firms, is out of business,” she said.
Some MSPs are drawing firmer lines with clients who refuse to invest properly.
“We have seen that, specifically for a liability issue,” April said. “If you don’t want to go there, I can’t be on the hook for this. I end up in court.”
Beyond compliance and customer challenges, partners are struggling to navigate an oversaturated vendor ecosystem.
“A lot of the respondents said that one of their challenges was picking the right vendors,” said April “These are small companies. They don’t have time to sit down and spend hours a day trying to figure out who they should work with.”
A tailored pitch to an overburdened customer isn’t always a best-in-class solution.
“My advice to vendors … make yourself easy,” said April. “You may not even have the best tool out there, but if you are the easiest, least friction-filled vendor to work with … they are going to choose you every time.”
