Managed Service Providers (MSPs) are facing immense challenges in keeping up with the rapidly evolving cybersecurity landscape, according to Sophos’ inaugural “MSP Perspectives 2024” survey report.
The study found that the biggest day-to-day hurdle for MSPs is staying current with the latest cybersecurity solutions and technologies, cited by 39% of respondents.
“The speed of innovation across the cybersecurity battleground means it’s harder than ever for MSPs to keep up with threats and the cyber controls designed to stop them,” said Scott Barlow, vice president of MSP at Sophos. “When you couple this with a global skills shortage, which has made it infinitely more difficult for many MSPs to attract and retain cybersecurity analyst resources, it’s unsurprising that MSPs feel unable to keep pace with the changing threat landscape.”
Key Challenges for Managed Service Providers (MSPs)
1. Cybersecurity Skills Shortage
The survey reveals that MSPs perceive the lack of in-house cybersecurity skills as the single biggest risk to their business and their clients’ organizations. Hiring and retaining cybersecurity analysts to meet customer growth and combat evolving threats emerged as the top challenges.
This is further compounded by the need for 24/7 coverage, as Sophos’ 2023 Active Adversary report for Tech Leaders found that 91% of ransomware attacks now happen outside business hours.
2. Credential Theft and Unpatched Vulnerabilities
MSPs also identified stolen access data and credentials, along with unpatched vulnerabilities, as major security risks for their customers.
Sophos’ State of Ransomware 2024 report found that 29% of ransomware attacks began with compromised credentials, highlighting the prevalence of this attack vector.
Also Read: Sophos expands Channel commitment with Partner Care offering
Unpatched vulnerabilities provide an easy entry point for threat actors, making it crucial for MSPs to prioritize patch management and vulnerability remediation for their clients.
The Rise of Managed Detection and Response (MDR) Services
In response to the complex threat landscape and the shortage of cybersecurity talent, there is a growing demand for Managed Detection and Response (MDR) services to provide round-the-clock coverage and augment in-house security teams. The survey found:
- 81% of MSPs currently offer an MDR service.
- 97% of MSPs that do not offer MDR plan to add it to their portfolio in the coming years.
- 66% of MSPs use a third-party vendor to deliver MDR services, while 15% use a combination of their own SOC and a third-party vendor.
“MSPs want flexibility from their MDR provider, with 71% saying it is ‘essential or very important’ that the vendor can use telemetry from their existing security tools for threat detection and response,” the report states. This highlights the need for MDR providers to offer seamless integration and customization to fit the unique requirements of each MSP.
Streamlining Cybersecurity Partnerships
To reduce overhead, enhance efficiency, and consolidate their security operations, MSPs are streamlining their cybersecurity partnerships and working with a limited number of vendors. The study revealed:
- 53% of MSPs work with just one or two cybersecurity vendors.
- 83% of MSPs use between one and five cybersecurity vendors.
- MSPs estimate they could cut their day-to-day management time by 48% if they could manage all their cybersecurity tools from a single platform.
By consolidating their security vendor partnerships, MSPs can simplify their operations, reduce complexity, and potentially achieve cost savings through bundled offerings and volume discounts.
Cyber Insurance Support
The report also highlighted the increasing demand for cyber insurance-related support, with 99% of MSPs reporting an increase in such requests from their clients. The most common requests include implementing an MDR service to improve insurability (47%) and assistance with completing insurance applications (45%).
As cyber insurers tighten their requirements and scrutinize security postures more closely, MSPs play a crucial role in helping their clients meet these stringent standards and secure comprehensive coverage. By offering MDR services and guidance on insurance applications, MSPs can position themselves as valuable partners in managing cyber risk and ensuring compliance with insurance requirements.
Regional Differences in MDR Adoption
The study found regional variations in MDR service adoption, with MSPs in the U.S. leading the way, followed by their counterparts in Germany, the U.K., and Australia.
- U.S.: 94% of MSPs already offer MDR services.
- Germany: 70% of MSPs offer MDR services.
- U.K.: 62% of MSPs offer MDR services.
- Australia: 58% of MSPs offer MDR services.
These regional differences may be attributed to factors such as varying cybersecurity regulations, customer demands, and the maturity of the local cybersecurity ecosystem.
The Future of MSP Security Offerings
As the cybersecurity landscape continues to evolve, MSPs must adapt and strengthen their security offerings to remain competitive and meet the growing demands of their clients.
“As they look to build their security offering of the future, they should prioritize vendors that can offer a complete portfolio of industry-best, fully managed security services and solutions,” Barlow advised.
By partnering with comprehensive security providers, MSPs can leverage advanced technologies, threat intelligence, and expertise to deliver robust protection and peace of mind to their customers.
Additionally, consolidating their security stack and streamlining operations can improve efficiency, reduce complexity, and potentially drive cost savings.
The “MSP Perspectives 2024” report surveyed 350 MSPs across the U.S., U.K., Germany, and Australia, commissioned by Sophos and conducted by Vanson Bourne in March 2024. The findings underscore the critical challenges and opportunities facing MSPs in the ever-evolving cybersecurity landscape.
