twobee - Fotolia

Cybersecurity for SMB customers evolving into top priority

New research from ConnectWise affirms that MSPs have a fast-growing opportunity to provide cybersecurity for SMB customers. Find out what is fueling the demand.

Small and medium-sized businesses are taking cybersecurity risks more seriously than ever before, according to a new study.

Commissioned by MSP software vendor ConnectWise and conducted by Vanson Bourne Ltd., the study polled more than 700 SMB decision-makers globally between June and July. Among the research's key finding was not only a willingness among SMBs to invest in cybersecurity, but also increasing expectations for their MSPs' capabilities.

Jay Ryerse, vice president of cybersecurity initiatives at ConnectWise, said the report identified "a staggering opportunity for MSPs" to ramp up their cybersecurity practices. Eighty-six percent of the SMBs surveyed cited cybersecurity to be within the top five priorities for their organization, while 38% said cybersecurity is their No. 1 priority. Almost three-quarters of respondents said they plan to "invest more or much more in cybersecurity" in the next six months.

Anxieties about cybersecurity incidents are driving SMBs' demand for protection. The report found that 77% of SMBs worry they will be the target of an attack in the next six months. The explosion in remote workforces due to the COVID-19 pandemic inflamed much of the concern, with 79% of respondents saying they worry about their remote devices and remote employees getting breached. Sixty percent of SMBs said they would invest more in cybersecurity to reduce their organization's security risks.

The study also found a little more than half of SMBs (52%) recognized a dearth of in-house cybersecurity skills, while 59% said they believe that all or most of their cybersecurity needs will be outsourced in five years. "That is a huge swing in the MSPs' favor," Ryerse noted. Only 43% of the respondents said they are currently outsourcing all or most of their cybersecurity needs.

How to offer cybersecurity for SMB customers

Ryerse pointed to one finding that particularly stood out: Ninety-one percent of the SMB decision-makers would move to a new IT service provider for the "right" cybersecurity solution. On average, respondents said they would be willing to pay 30% more for that solution.

Ransomware prevent chart
MSPs' internal remote management tools have increasingly become a vector for ransomware attacks.

When the survey sought to uncover what SMBs seek in an MSP cybersecurity solution, 68% of respondents said they want to be confident in their MSP's capabilities to respond to security incidents. Fifty-eight percent want to be confident that their MSP will minimize a security incident's damage or loss.

"That means the ability to detect the threat and then be able to respond to it and potentially recover … [is] critical for MSPs that are building out their security stacks," Ryerse said.

He added that detection and response is a slightly different mindset from the traditional MSP's. Instead of providing protection and proactive support -- for example, by installing firewalls, antivirus and other tools for preventing attacks -- MSPs need to show their customers that they can identify an incident and react to it accordingly. "Once [threat actors] find their way in, be it through human error or some other activity, ultimately, it is up to the MSP to be able to respond to that. I think this report does a great job of verifying that for MSPs," he said.

Ryerse said one challenge for MSPs is to simply have conversations about cybersecurity with their SMB clients. The study found only 13% of SMBs regularly discuss cybersecurity with their MSP. "It is very difficult for an MSP to get out there and be in front of all their clients. And I think even more worrisome is the fact that 29% of SMBs talk to their MSPs about cybersecurity only after they have suffered through an incident," he said. "So, we have work to do, but we are definitely heading in the right direction."

ConnectWise is looking to rapidly develop its security leadership in the MSP security space. The company currently offers MSP cybersecurity education and certification programs. It will hold its inaugural IT Nation Secure conference from Oct. 14 to 15.

Next Steps

Do IT service providers need MSP cybersecurity insurance?

What modern SMBs can teach managed service providers

SMB cybersecurity challenges create new roles for MSPs

Dig Deeper on MSP technology services