New research by Cybersmart has revealed that over half (58%) of MSP leaders globally believe their customers are at more risk today than this time last year. As a result, MSPs are being relied upon more than ever by customers to provide critical cybersecurity support, with 84% of respondents noting that customers now expect them to manage either their cybersecurity infrastructure or their cybersecurity and IT estate combined. This is a significant uptick from 2024, when 65% of MSP leaders noted that their customers expected them to manage their cyber.
The second annual CyberSmart MSP Survey, conducted by OnePoll, features insights from 900 MSP leaders from the UK, France, Belgium, Australia, New Zealand, Sweden, Germany, and the Netherlands, with customers of varying sizes ranging from 1 to 250+ employees.
Responsibility and expectation of MSPs in customer cyber management
As well as being relied upon to support customer cybersecurity, over three-quarters (77%) of MSP leaders noted that scrutiny of their own businesses’ security capabilities had increased either slightly or a lot over the past 12 months. This suggests that MSP customers are more aware than ever of the importance of good cybersecurity when it comes to potential partners, which is unsurprising given that attacks have increased across the board, with research indicating a 50% year-on-year increase in cyber incidents. As a result, MSPs need to choose trusted cybersecurity partners carefully.
There’s also evidence that MSPs are retooling or expanding their cybersecurity operations to meet demand. The research found that spending has increased in multiple areas including on specialist cyber hires, enhanced cyber capabilities and specialist regulatory hires.
Jamie Akhtar, CEO and Co-Founder of CyberSmart, said: “In light of the recent uptick of cyber incidents targeting MSPs, it is unsurprising that customers are scrutinising MSPs more. This means that it’s critical for MSPs to work with cybersecurity partners that are able to provide a high level of confidence and security for both their own and their customers’ cybersecurity to align with increasingly stringent expectations and rising threats.”
AI presents biggest risk to MSP clients
Despite MSPs feeling that their customers are slightly less at risk from cyber threats (58%) than in 2024 (61%), concern levels still remain high. According to MSP leaders, the leading causes of concern for MSPs and their clients are emerging AI threats (38%), which is unsurprising given that it is thought that 40% of attacks today are AI-driven.
In terms of the most significant threats facing MSP customers, after AI, these included traditional attack vectors, including ransomware or malware (38%), insider threats (35%), and unpatched vulnerabilities (32%). This marked a significant shift from 2024’s results, which found that malware/ransomware (55%) and inflation and spiralling costs (43%) were the biggest concerns. However, the research also indicated that MSP customers potentially underestimate supply chain attacks as a threat, with only 20% of respondents noting it as significant. This is despite a recent uptick in the reporting of significant supply chain incidents like the May 2024 Snowflake incident that affected many high-profile customers, including Santander and Ticketmaster.
Jamie Akhtar, CEO and Co-Founder of CyberSmart, said: “Across all industries, business leaders are beginning to wake up to the risk AI-fuelled threats pose to their organisations. This risk is particularly pertinent for MSP leaders, who are not only responsible for protecting their own organisation, but the data and assets of many others. It is critical that MSPs take the threat posed by AI seriously, without neglecting the threat posed by more traditional attack vectors like malware and ransomware. MSPs must partner with trusted cybersecurity organisations to bolster and maintain complete cyber confidence.”
