We were surprised by a recent research report that found enterprises are moving more quickly to managed security service providers (57 percent to provide 24×7 IT systems monitoring, 45 percent for threat detection and intelligence, and 41 percent for technology assessment and analysis). The results were surprising because SMBs are facing even more threats than enterprises, and they have less resources – tools, skills, and personnel.
At a time when a cyberthreat – internal or external – can shut down a business, Managed Security Service Providers (MSSPs or MSPs), offer the most cost-effective cybersecurity options available. It’s their core business, and they have the resources, expertise, and experience to ensure the best possible protection.
Why SMBs and MSPs should be forging tighter partnerships
- Small and midsize businesses are not just targets of cybercrime, ‘they are its principal target’
- Fifty-five percent of SMBs have experienced a cyberattack in the past 12 months, and 50 percent report they had data breaches involving customer and employee information in the past 12 months
- These companies spent an average of $879,582 because of damage or theft of IT assets, and disruption to normal operations cost an additional $955,429, on average
- When it comes to SMB cybersecurity budgets, 67 percent cite insufficient personnel, 54 percent insufficient budgets; and, 44 percent insufficient enabling security technologies;
- Fifty-nine percent of businesses with fewer than 500 employees had no access to a security expert, whether internally or through a third-party contractor or managed security provider
- Sixty-six percent have no training or certification in security
- Sixty percent of small businesses will close within six months of a cyberattack
The MSP market is predicted to undergo significant growth over the next few years, a Compound Annual Growth Rate (CAGR) of 14.8 percent between 2015–2020, from $17.79 billion to $35.53 billion. The major drivers include rise in cybercrimes and threats, rising need of meeting compliance and data protection laws, security staffing and budgeting constraints on the organizations, and increasing adoption of cloud services.
The most popular managed security services include: Managed firewall, intrusion detection, virtual private network, vulnerability scanning, and anti-viral services. One of the easiest ways to get into security services is through Disaster Recovery as a Service (DRaaS), a market which is expected to soar from $1.68 billion in 2016 to $11.11 billion by 2021, at an estimated CAGR of 45.9 percent.
The DRaaS market drivers include its features of faster recovery, cost-effectiveness, enhanced flexibility, and simple testing. Particularly of interest to SMBs (and MSSPs), these services also feature automation capabilities that reduce the use of resources and enable low up-front cost.
Another area where MSSPs can play a critical role is in the cybersecurity skills shortage. It is expected that by 2019 there will be a 25 percent shortfall in cybersecurity talent, with at most 4.5 million skilled workers available to fill the demand for 6 million positions. Unlike SMBs, where any IT skills must be spread across the gamut of operations, and mainly focused on just keeping the systems up and running, MSPs can hire skilled professionals, and keep them current with the right tools, certifications, and the evolving cybersecurity threatscape.
SMB cybersecurity and MSPs is a partnership whose time has come. With threats growing, including the onrushing Internet of Things (IoT), and resources not keeping pace, outsourcing to a trusted and proven service provider is the best way to ensure business resiliency, and ultimately, survival.
The top 5 market forces driving MSP adoption
- The increasing complexity and focused targeting of attacks boosts demand for organizations to pursue a managed security service provider relationship
- Evolving compliance requirements for organizations drive the need for managed security service providers in North America
- The shortage of in-house and deep security expertise and talent drives demand for organizations to partner with a managed security service provider
- The increasing complexity of network security point products is difficult to manage for businesses with small security teams
- Intensifying focus on the core functions of the organization drive cloud service adoption and subscribing to MSPs