Sophos released its first “MSP 2024 Outlook” survey report, which revealed that the biggest daily challenge facing Managed Service Providers (MSPs) is to keep up with the latest cybersecurity solutions/technologies, cited by 39% of the MSEs surveyed. In addition, Managed Services Providers indicated that hiring new cybersecurity analysts to keep up with customer growth and the latest cyber threats is also a major challenge.
The survey also reveals that MSPs perceive a lack of internal cybersecurity skills as the greatest cyber-security risk for both their own business and their client organizations. MSPs also perceive that data and password theft and unpatched vulnerabilities are among the biggest security risks for their customers. The latest report on the state of the 2024 Ransomware found that almost a third (29%) of ransomware attacks started with compromised passwords, showing the prevalence of this entry vector.
“The speed of innovation in the cybersecurity battlefield means that it is harder than ever for MSPs to keep up with the cyber threats and controls designed to stop them. When combined with a global skills shortage, which has made it infinitely more difficult for many MSPs to attract and retain resources from cybersecurity analysts, it’s no surprise that MSPs feel they can’t keep up with the changing threat landscape”, said Scott Barlow, vice president of MSP at Sophos. “All this is compounded by the need for 24×7 coverage, as stated in our 2023 Active Adversaries for Tech Leaders report, which finds that 91% of ransomware attacks now occur outside of business hours”.
In response to this complex threat landscape, there is a growing demand for managed detection and response (MDR) services to provide continuous coverage. Currently, 81% of MSPs offer MDR service, and almost all (97%) MSPs that do not currently offer MDR plan to add it to their portfolio in the coming years.
Reflecting the lack of internal cybersecurity skills, 66% of MSPs use an external provider to provide managed detection and response (MDR) services and an additional 15% offer it jointly through their own Security Operations Center (SOC) and an external supplier. At the top of the list of essential capabilities in an external MDR provider is the ability to provide a 24/7 incident response service.
MSPs are also simplifying their cybersecurity partnerships, working with a small number of vendors. The study found that more than half (53%) of MSPs work with only one or two cybersecurity providers, rising to 83% who use between one and five. Reflecting the effort and overhead of operating multiple platforms, MSPs estimate that they could reduce their daily management time by 48% if they could manage all their cybersecurity tools from a single platform.
Other interesting findings from the report include:
- 99% of MSPs report an increase in demand for cyber insurance-related support, with most common requests including customers wishing to implement an MDR service to improve their insurability (47%) or help with completing your insurance application (45%).
- MSPs want flexibility from their MDR provider, and 71% say it is “essential or very important” that the provider can use telemetry from its existing security tools for threat detection and response.
- The MSP in the U.S. The MSP in the USA. lead the way in MDR service provision with almost all (94%) already offering MDR, compared to 70% in Germany, 62% in the UK and 58% in Australia.
“Although managed service providers have a huge job to do in protecting their customers from fast-moving adversaries, there is a huge opportunity to grow your business and your profitability if you find the right security setting. Data shows that MSPs are strengthening their proposal and reducing overhead costs by merging the platforms they use and collaborating with third-party MDR providers to expand their service offerings. When building their security offering for the future, they should prioritize vendors that can deliver a complete portfolio of industry-leading fully managed security services and solutions,” continues Barlow.
Data for the MSP 2024 Outlook report comes from an independent supplier survey of 350 U.S. MSPs (200) , United Kingdom (50), Germany (50) and Australia (50). The survey was commissioned by Sophos and conducted by the research house Vanson Bourne in March 2024.
Read the MSP 2024 Outlook report for global findings and industry data at Sophos.com.
