Sophos, a global leader in innovative security solutions that stop cyber attacks, today released its inaugural “MSP Outlook 2024” research report, which finds that keeping up with the latest cybersecurity solutions and technologies is the biggest daily challenge facing managed service providers (MSPs), according to 39% of MSPs surveyed.
Additionally, MSPs noted that one of their biggest challenges is hiring new cybersecurity analysts to keep up with growing customer base and keep up with the latest cyber threats.
The survey also revealed that MSPs identify a lack of in-house cybersecurity skills as the biggest cybersecurity risk to both their own organizations and their client organizations.
MSPs also identify stolen access data and credentials, and unpatched vulnerabilities as among the biggest security risks to their customers.
The latest “State of Ransomware 2024” report found that nearly one-third (29%) of ransomware attacks start with compromised credentials, making this entry vector widespread.
“The speed of innovation on the cybersecurity battlefield means it’s harder than ever for MSPs to keep up with threats and the cyber controls to stop them.
“When you add to this a global skills shortage that is making it extremely difficult for many MSPs to attract and retain cybersecurity analyst talent, it's no wonder MSPs feel unable to keep up with the changing threat landscape,” said Scott Barlow, vice president of MSP at Sophos.
“All of this is further complicated by the need for 24/7 response, as illustrated by the 2023 Active Advisory Report for Technology Leaders, which found that 91% of ransomware attacks now occur outside of business hours.”
This complex threat landscape is driving demand for managed detection and response (MDR) services that provide around-the-clock coverage.
Currently, 81% of MSPs offer MDR services, and nearly all (97%) MSPs that don’t currently offer MDR plan to add it to their portfolio in the next few years.
Reflecting a shortage of in-house cybersecurity skills, 66% of MSPs use a third-party vendor to deliver MDR services, with an additional 15% delivering the service jointly through their own SOC and a third-party vendor.
Topping the list of must-have features in a third-party MDR provider is the ability to offer 24/7 incident response services.
MSPs are also streamlining their cybersecurity partnerships by working with a smaller number of vendors.
The survey revealed that more than half of MSPs (53%) only work with one or two cybersecurity vendors, while 83% work with one to five.
Reflecting the effort and overhead of running multiple platforms, MSPs estimate they could reduce day-to-day administration time by 48% if they could manage all their cybersecurity tools from a single platform.
Other interesting findings from the report include:
- 99% of MSPs report an increase in demand for cyber insurance-related support, with the most common requests including clients wanting to implement MDR services to improve insurability (47%) or receive assistance with completing insurance claims (45%).
- MSPs want flexibility from their MDR providers, with 71% saying it is “essential or very important” that their vendor can use telemetry from existing security tools to detect and respond to threats.
- US MSPs lead the way in offering MDR services, with nearly all (94%) already offering MDR, compared to 70% in Germany, 62% in the UK, and 58% in Australia.
“MSPs have a big role to play in protecting their customers from rapidly changing adversaries, but if they can find the right security setup, they have a huge opportunity to grow their business and profitability.
Data shows that MSPs are consolidating the platforms they use and partnering with third-party MDR vendors to expand their service offerings, strengthening their propositions and reducing expenses.
As we consider building our future security products, we need to prioritize vendors that can offer a complete portfolio of best-in-class, fully managed security services and solutions.” Barlow continued.
Data for the MSP Perspectives 2024 report comes from a vendor-neutral survey of 350 MSPs across the US (200), UK (50), Germany (50) and Australia (50). The survey was commissioned by Sophos and conducted by research firm Vanson Bourne in March 2024.
For global findings and sector-specific data, read the MSP Perspectives 2024 report on Sophos.com.
Don’t miss out on this week’s important articles, subscribe to techbuild.africa’s weekly digest for the latest updates.