Why aren’t MSPs offering more cybersecurity services?

Cybersecurity is a booming field that is set to grow, but many MSPs offer only the most basic of security services. Why don’t they offer more?

A few reasons stand out immediately: Cybersecurity services can be expensive to develop. Finding professionals to manage them can be difficult. And many MSPs don’t want to take on the risks involved with cybersecurity.

But failing to offer adequate cybersecurity can be risky as well. In a highly competitive environment, MSPs need to make their services stand out from those of competitors. More to the point, clients really do need help securing their data. If you can’t help them, they’ll find somebody who can.

Fortunately, the barriers to entry for MSPs in cybersecurity aren’t as challenging as they seem. In fact, if MSPs are wise about offering cybersecurity operations, there really aren’t any barriers at all.

Data security is so essential that it’s hard to imagine a service provider not offering it. In fact, in one informal survey of MSPs, 92% of respondents said it’s impossible to be an MSP today without offering cybersecurity.

However, cybersecurity, in this case, has a very broad definition. The survey defined it as “billing the client directly for a service that’s sole purpose is to ‘secure’ something or someone.” That could mean something as relatively simple as offering antivirus or patch management. That’s probably why, by one estimate, 99% of MSPs already offer cybersecurity services.

While a fast-food place and a Michelin-star eatery are both restaurants, they’re hardly the same thing. They serve different purposes and different audiences. Both can drive a lot of revenue. More to the point, many, many successful dining establishments fall somewhere in between those two categories.

The MSP market for cybersecurity is somewhat similar, ranging from providers who offer the simplest of services all the way to MSSPs, who focus almost entirely on security and offer complex capabilities (the second “S” stands for security). There isn’t a truly clean break between MSPs and MSSPs. Providers can and do offer varying levels of cybersecurity services.

The real issue is that a lot of MSPs don’t offer enough services in the cybersecurity space. Many could move toward offering services similar to those MSSPs offer without necessarily becoming MSSPs. In other words, they could still provide essential functions other than cybersecurity while also delivering services that actively protect clients’ data. And given the projected growth in the market for MSP cybersecurity, they should. But many still don’t.

A lack of cybersecurity capabilities could become a real problem for MSPs on the lower end of the spectrum. They’re likely to have trouble acquiring new customers if they can’t match competitors’ security offerings. Analysts with Canalys recently identified new customer acquisition as the biggest problem MSPs face.

Plus, failing to enter the market for cybersecurity services is basically tantamount to walking away from piles of money. Growth in the space is happening right now. Canalys projected that cybersecurity managed services revenue would grow 15% in 2024. Getting into details, the firm projected managed detection and response (MDR) revenue would grow by a whopping 50%.

Of course, offering cybersecurity services isn’t easy. Specifically, there are some common misconceptions that prevent MSPs from taking the plunge. Below are just a few of those misapprehensions and how MSPs can overcome perceived barriers with some creative thinking and the right technology.

On the surface, this is true. But it doesn’t necessarily have to be. For instance, the biggest wave of tech layoffs in nearly 25 years has left many cybersecurity professionals unemployed. With an aggressive and creative hiring strategy centered around using social media and creating a positive culture, MSPs can find great employees to manage cybersecurity without having to pay a premium.

Adopting the right technology can help, too. The fewer applications an MSP has to manage, the fewer new employees it will need to hire. Some MSPs might even be able to ramp up new security services without hiring anybody new at all.

A complete cybersecurity solution with native integration of multiple key capabilities, all manageable through a centralized administration console, removes a barrier to entry for MSPs in cybersecurity. They can have an employee or two manage cybersecurity offerings in a single interface instead of needing to hire multiple people to manage multiple disparate applications.

This issue dovetails with the hiring challenge. Maintaining a relatively comprehensive cybersecurity practice requires time, expertise and investment. It’s one reason why most MSPs don’t offer complete cybersecurity services and end up dabbling in something relatively easy to set up, such as antivirus or patch management.

The real growth, though, is in services such as MDR, EDR and XDR. Those capabilities were the drivers that had 34% of MSPs expecting more than 20% year-on-year growth in cybersecurity revenue going into 2024.

Fortunately, MSPs don’t have to go it alone when moving into new areas of cybersecurity. Canalys reports that half of MSPs now work in a managed services hybrid delivery model, partnering with vendors, other MSPs and even client IT teams to offer more comprehensive cybersecurity services. A vendor that offers easily manageable security solutions, excellent support and regular training can be a major catalyst for MSPs looking to increase their cybersecurity offerings.

There’s no denying that many clients who suffer a data breach will point to a failure of an MSP security provider as the cause of the attack. It’s part of being in the security business. MSPs can potentially be liable for damages to clients.

But none of that should scare MSPs away from boosting their cybersecurity offerings. MSPs need to be open up front about the services they provide; anybody who works in cybersecurity knows not to promise that a breach will never happen. A smarter strategy is to explain exactly what your security services do and how they can help a client respond to or minimize damage from a breach.

Plus, MSPs and their clients should both invest in cyber insurance. It’s the most effective way to shield businesses from liability issues, and it’s generally not a massive investment in terms of cost. MSPs can promote cybersecurity services as a way to help their clients reach a level of protection at which they’re able to purchase cyber insurance. Most insurance providers have minimum levels of protection a business must obtain before they’ll open a policy.

There is, fortunately, a solution that provides the natively integrated, easily manageable cybersecurity capabilities MSPs need: Acronis Cyber Protect Cloud, which delivers integrated backup, disaster recovery, cybersecurity and endpoint management at scale, and also integrates with a wide variety of other applications.

Acronis Cyber Protect Cloud gives you the tools you need to boost your cybersecurity services without blowing your budget on new resources. Acronis offers support and training so that you never have to manage cybersecurity services alone. Automation of key processes, along with ease of implementation and management in Cyber Protect Cloud enable MSPs to save time and get more done with fewer employees and minimal expense.

Offering more complete cybersecurity services is more than just a huge revenue opportunity for MSPs. It’s also a necessity in a highly competitive environment. With sound strategy, the right technology and a bit of creative thinking, just about any MSP can easily climb the cybersecurity ladder and become a trusted provider of data protection.