Rising cybersecurity risks ravage MSP Sector as skill shortage worsens vulnerabilities

Cynthia Ezekwe

Managed Service Providers (MSPs) are facing a significant challenge in their day-to-day operations due to a shortage of in-house cybersecurity talent, posing a grave threat to their ability to keep up with the latest cybersecurity solutions and technologies, according to Sophos, a leading cybersecurity company.

A managed service provider is a third-party company that remotely manages a customer’s information technology (IT) infrastructure and end-user systems. MSPs often handle management services on a daily basis so customer organisations can focus on improving their services without worrying about extended system downtimes or service interruptions.

The Sophos report titled “MSP Perspectives 2024”, noted that  hiring new cybersecurity analysts to keep up with customer growth and keep pace with the latest cyber threats were also top challenges, adding that stolen access to  data and credentials and unpatched vulnerabilities are  among the biggest security risks faced by MSP customers.

According to Sophos, 99 percent  of MSPs report an increase in demand for cyber insurance-related support, with the most common requests including clients wanting to implement a managed detection and response (MDR)  service to improve their insurability, or to receive help completing their insurance application.

Commenting on the challenges,  Scott Barlow, vice president of MSP at Sophos, said, “The speed of innovation across the cybersecurity battleground means it’s harder than ever for MSPs to keep up with threats and the cyber controls designed to stop them. When you couple this with a global skills shortage, which has made it infinitely more difficult for many MSPs to attract and retain cybersecurity analyst resources, its unsurprising that MSPs feel unable to keep pace with the changing threat landscape.’’

To address the situation, the report emphasised there is growing demand for managed detection and response (MDR) services to provide always-on coverage. It noted that about 81 percent  of MSPs offer an MDR service, and almost all MSPs that do not currently offer MDR plan to add it to their portfolio in the coming years.

“MDR providers act as an extension of the MSP, so their caliber and competence reflect directly on the MSP. Furthermore, the MDR vendor’s capabilities impact the range of services the MSP can provide to their clients and the level of work and input the MSP needs to deliver,’’ the report noted.

Sophos stressed the need for organisations to adopt cyber insurance, noting that the widespread adoption of cyber insurance is driving high levels of channel engagement, with 99 per cent  of MSPs reporting an increase in demand for support and solutions to meet cyber insurance requirements

“While MSPs have a huge job to do in protecting their customers against fast moving adversaries, there’s a tremendous opportunity to grow their business and profitability if they can find the right security set up. The data shows that MSPs are strengthening their proposition and reducing overheads by amalgamating the platforms they use and engaging with third-party MDR vendors to expand their service offerings. As they look to build their security offering of the future, they should prioritise vendors that can offer a complete portfolio of industry-best, fully managed security services and solutions,’’ the report added.