It’s well known that many SMBs lack advanced security expertise. While many have some security tools in place, those tools rarely work together, often provide minimal protection, are not fully deployed or outdated, which creates significant security gaps. MSPs are strategically positioned to help SMBs with their security needs and to take advantage of a quickly growing market.
To better understand the dynamics and opportunities surrounding security services in the SMB space, 451 Research conducted two global custom surveys:
- The first targeting 1,700 SMBs about the current state of cybersecurity services they consume to protect organization.
- The second targeting 1,000 MSPs about the security services they deliver to the SMB market, as well as the pain points they experience.
This article examines those responses to look at both the challenges and opportunities that service providers face with respect to delivery security services to SMBs. Topics covered include:
- The SMB security challenge: overconfident and under-protected.
- The growing SMB security opportunity.
- MSPs stepping up their security game.
- Key opportunities, challenges, and solutions for MSPs.
- Conclusion and recommendations.
Key Findings – SMBs
- SMBs are putting a greater emphasis on cybersecurity, but they are ill-equipped to effectively deal with a growing and complex landscape of advanced cybersecurity threats and regulations, and an increasingly disparate IT ecosystem. The result is a significant opportunity for MSPs.
- SMBs are revealing a growing dependence on managed service providers: 65% of SMB respondents reported that they currently procure IT services from an MSP or managed security services provider (MSSP), and the remaining 35% said they are planning to do so soon.
- A great majority (87%) of SMBs plan to increase spending on managed IT services over the next two years, and 31% said they plan to increase spending by 20% or more over the next five years.
- Similarly, 85% of SMBs plan to increase spending on managed security services over the next two years.
- Nearly three-quarters (71%) of SMBs reported that they have experienced a breach or attack in the last 24 months that resulted in operational disruption, reputational damage, significant financial losses or regulatory penalties.
Key Findings – MSPs
- Close to half (45%) of managed IT service providers expect their overall revenue to increase by more than 20% over the next five years.
- Just over half (52%) of MSPs reported that 21-50% of their total revenue is generated from managed security services.
- Almost half (47%) of MSPs said they expect revenue from managed security services to grow more than 20% over the next five years.
- Most (84%) managed IT service providers reported that they currently offer managed security services, with the remaining 16% planning to add managed security services to their portfolios within the next six months.
- A majority (62%) of SMBs said they have a security awareness training program in place with half using ‘homegrown’ methods and materials for training.
- Most (82%) MSPs typically bundle security services as part of a security suite, total offering, or for a price discount.
Conclusion and Recommendations
The cybersecurity risks facing SMBs have never been greater or more decisive. Despite the fact that SMBs are putting a greater emphasis on cybersecurity, they are often overconfident and ill-equipped to effectively deal with an increasingly complex cybersecurity regulatory and threat landscape. And with nearly three out of every four SMBs reporting a breach or attack in the last 24 months that resulted in operational disruption, reputational damage, significant financial losses or regulatory penalties, the demand for managed security services is at an all-time high.
With the majority of SMBs relying on managed IT service providers for their overall IT needs, MSPs are in a prime position to seize a share of the $24bn managed security services opportunity. MSPs must position themselves as their customers’ trusted advisor regarding cybersecurity concerns by moving away from simply offering low-value, isolated security services to providing a suite of comprehensive managed security services. MSPs must take the lead in educating their customers on the risks and threats facing their organizations and help them develop a cybersecurity strategy and roadmap that will address any gaps in a methodical manner.
MSPs are recognizing that deploying stand-alone, niche security offerings is placing a substantial burden on their staff that increases costs and lowers margins. These disparate products do not scale across the MSP’s entire service base and ultimately fail to provide adequate protection for their customers’ organizations. As a result, many MSPs have turned to their RMM platform provider, hoping to deliver managed security services with the same success that they have delivered managed IT services. However, they have discovered that while these platforms are excellent at providing MSPs a unified approach to managed IT services, they often fail to provide a solid platform for managing and delivering security services, falling short in many areas including threat intelligence and detection, integration, machine learning, and visibility across the entire IT ecosystem.
Modern MSPs are turning to purpose-built managed security service platforms that provide a stack of integrated security services that they can deliver to their customers as a service. MSPs are realizing that an integrated platform overcomes many of the challenges of managing and delivering security services and helps MSPs establish service offerings that result in new business opportunities and recurring revenue streams. MSPs are looking for vendors that can help them create agile and differentiated security services while minimizing the cost and effort required to manage, deliver and scale security services across their customer base.
Offered Free by: Webroot Inc.