Significant cyber incidents such as the NHS ransomware attack and the rapid rise of generative artificial intelligence (AI), have challenged businesses this year. In the first half of 2024 alone, it is estimated that UK businesses experienced approximately 7.78 million cybercrimes. Statistics also show that the UK economy is estimated to incur a total cost of £27 billion annually due to cybercrime, with a substantial percentage of this expense falling on businesses.
Meanwhile, Generative AI and ChatGPT have created new and unpredictable risks for organisations of all sizes. Where language and technical skill were once a barrier, Generative AI now has lowered the threshold for effective and convincing campaigns. With the right prompts, it helps threat actors generate natural-sounding phishing emails with ease. Because of this, phishing emails are likely to increase and become more successful as the human factor of detecting spelling errors and other nuances are mitigated. As a result, non-primary English speaking threat actors have a scalable way to target English speaking audiences.
A recent survey found that almost all (98%) IT and security professionals see the use of Generative AI technology in data privacy breaches as a threat. Because of this, Managed Service Providers (MSPs) have started to offer solutions to protect businesses specifically against these newer types of campaigns, in addition to more “traditional” threats like ransomware attacks, zero-day vulnerabilities, and insider threats.
Whilst attacks continue to evolve, businesses are also grappling with an ever-expanding attack surface due to increased remote working, cloud adoption and interconnected systems, making it harder to defend against threats.
These threats can impact businesses of all sizes, but small and mid-sized enterprises (SMEs) are particularly vulnerable. For many SMEs, who can’t afford or access a large dedicated in-house security team to provide around the clock monitoring and defences, partnering with a trusted MSP is crucial.
Embracing an Integrated Cybersecurity Approach
As cyberattacks grow in complexity and frequency, an integrated cybersecurity approach is essential for SMEs. MSPs deliver this by offering comprehensive solutions that safeguard infrastructure and sensitive data, addressing threats from multiple angles. This includes a powerful mix of endpoint protection, detection and response capabilities, and continuous threat monitoring, helping ensure SMEs are well-protected against a range of risks.
This approach enables MSPs to contain attacks like ransomware before they can inflict major harm. By enhancing remote work security, providing unified backups, and implementing other proactive defenses, MSPs equip businesses to avert major disruptions and prevent extended operational downtime.
Shifting to a Subscription-Based Model
A key trend that’s benefitting MSPs is the rise of the ‘Subscription Economy’ model. According to Juniper Research, by 2028 the subscription economy revenue has been forecast to reach $996 billion globally, up from $593 billion in 2024.
The demographic of decision-makers, buyers, and business owners is changing. Similar to the streaming TV model, many now prefer consuming IT/security solutions as a monthly subscription, and on flexible terms.
The newer generation of business owners no longer want to ‘own’ products, but rather prefer to subscribe to an ‘outcome’. And this is exactly what MSPs provide businesses. A subscription model also makes it easier for MSPs to scale their operations. As their customer base grows, adding more subscriptions becomes straightforward, rather than renegotiating individual deals one at a time. And the customers appreciate the flexibility of adjusting their services as needed, without the commitment of long-term contracts.
In addition to flexibility in pricing, through the subscription-based model, MSPs have predictable and recurring revenue along with increased client relationships and retention. Customers benefit from expertise, real-time threat intelligence and continuous threat monitoring, detection and response, with reduced IT burden and peace of mind.
Enhancing Security Through Education
Though the UK’s cybersecurity skills shortage is due to decrease by almost 5%, continuous upskilling and education are essential for business preparedness and where MSPs continue to play a role.
MSPs should educate their customers about the evolving threat landscape, to understand why certain cybersecurity measures are critical to implement to address specific risks. Understandably, business budgets aren’t always enough for dedicated IT and security resources. For many - that’s the job of the MSP. They rely on the MSPs to best protect them and to do that, the risks need to be explained in simple terms.
According to the 2024 Cyber Assessment Report, when asked what component of their attack surface they are most concerned about in terms of vulnerability and risk, 42% of the IT and security professionals interviewed in the UK stated they are worried about compromise of third-party systems, 40% mentioned inadequate third-party risk management, while 39% said they were concerned about software supply chain attacks.
Many organisations tend to believe they aren’t a target due to their size. But this couldn’t be further from the truth and where MSPs can educate their customers. For example, when it comes to supply chain attacks, threat actors are targeting smaller (often less secure) companies to reach a larger partner further up the stream.
Strengthening Security Through MDR
Cybersecurity requirements will vary based on the business type and structure. But at a high level, MSPs have the opportunity to tailor approaches based on specific security needs. By leveraging advanced threat intelligence and analytics, tailored MDR services enable SMEs to detect and respond to cyber threats quickly, minimising potential damage. Based on the projected growth and adoption of MDR, the ability to incorporate customised security services into endpoint protection and other cybersecurity offerings will help MSPs remain competitive and continue to grow.
As organisations face an increasingly complex landscape, and AI is used to drive more intelligent threat campaigns, businesses are going to turn to MSPs for their cybersecurity needs.
To thrive in 2024 and beyond, MSPs need to partner with security vendors that can best support them on their journey to tailor cybersecurity, provide flexible packages and educate clients. By doing so, MSPs can not only increase their value but also drive growth and remain competitive in a rapidly evolving cybersecurity market.