fbpx

Key takeaways from the MSP cybersecurity survey 2024

MSP cybersecurity survey

How prepared are managed service providers (MSPs) to deal with cyber threats? 

This might seem like an obvious question, but there’s surprisingly little research on the subject. So, we set out to change this. Alongside our friends at OnePoll, we surveyed 250 UK business leaders from every major industry to understand the challenges and opportunities facing MSPs.

Here are the key takeaways from the CyberSmart MSP survey 2024.

The MSP cybersecurity survey 2024: 5 things you need to know

MSPs are among the most attractive targets for cybercriminals. 87% of respondents said they’d experienced at least one breach in the last year – with many suffering multiple attacks.

So, why are they such a popular target?

Many businesses rely on MSPs for everything from IT support to network monitoring. They provide essential services, but need privileged access to their customers’ critical systems and data to deliver them.

As such, breaching an MSP gives cybercriminals access to data from multiple targets. This allows them to reach more victims with minimal effort, maximising the amount they can earn from a single attack.

Want to know more? Read our MSP report in full here.

2. Malware and ransomware are the biggest threats to MSPs

Cyber threats take various forms. Some, like phishing, are more common than others. But for MSPs, the biggest threats come from malware and ransomware.

57% of respondents ranked malware and ransomware as their biggest concerns, ahead of unpatched vulnerability exploits (41%) and insider threats (37%). These results are particularly interesting given that many businesses don’t have ransomware recovery plans or policies to deal with them.

3. MSPs overlook key cybersecurity risks

Despite growing awareness among MSPs of the biggest cybersecurity risks, our survey revealed some notable exceptions. 

The cybersecurity skills gap is a prime example. Only 35% of respondents identified it as a key concern – in sharp contrast to recent World Economic Forum research suggesting it remains a serious threat.

Alarmingly, only 26% recognised supply chain attacks as a threat, while few explicitly mentioned phishing. This is particularly surprising, given that 84% of businesses that reported breaches last year experienced some form of phishing attack

4. Customers expect more from MSPs

IT services are the bread and butter for many MSPs, providing guidance and support for businesses that don’t have the resources to manage their infrastructure in-house. But customer expectations are changing.

65% of respondents said customers expect MSPs to implement or manage their cybersecurity. Meanwhile, 73% feel their security capabilities are under greater scrutiny, especially during request for proposal (RFP) and new business meetings.

In response, we’ve seen many MSPs adapt their services to meet this demand. 70% of respondents have expanded their capabilities over the last year, adding cybersecurity support services and products to their portfolios.

5. Cybersecurity confidence is high among MSPs

Nearly all respondents said they were confident in their business’s cybersecurity. We defined this as having or engaging in at least one of the following:

  • Continuous threat monitoring
  • Proactive risk management
  • Risk reporting
  • Incident response and recovery
  • Cybersecurity training
  • Cybersecurity policies
  • Demonstrable cyber credentials (e.g., Cyber Essentials)

When we dig a little deeper, this confidence appears misplaced. Only 55% and 54% of SMEs have clear policies for accessing and sharing sensitive data, respectively. This suggests a disconnect between perception and reality.

A golden opportunity for MSPs

Our survey reveals some interesting truths about MSP cybersecurity.

MSPs remain the most popular target for cybercriminals, with malware and ransomware attacks the biggest threats. Service providers are increasingly aware of the dangers of the digital frontier and are confident in their defences, but overlook some key risks nonetheless.

Arguably, the most interesting point is the changing perception among customers. Many now expect service providers to offer cybersecurity products and services as standard. While this might seem like another hurdle to overcome at first glance, it presents a golden opportunity to MSPs willing to adapt to meet this demand.