What the Influx of Security Breaches Means for MSPs

With cybersecurity top of mind for business owners, MSPs have an extraordinary opportunity to become more than just IT providers in 2019. When executives review security vulnerability reports for their organizations, they’re forced to look at how breaches would impact overall business risk. This is where MSPs can insert themselves as not only cybersecurity experts but business risk professionals.

How is the security landscape evolving for MSPs?

Cybersecurity is an increasing concern among businesses across the globe. The truth is the global cybersecurity market is expected to hit $180 billion by 2021, which means there are plenty of opportunities for MSPs to generate additional monthly recurring revenue (MRR) by focusing efforts on delivering managed security services to businesses of all sizes. Even though cybersecurity risk has been cited as the top risk by managers and nonrisk professionals for more than five years, there are no signs of worries about cyber threats going away anytime soon. To meet the needs of this ever-changing threat landscape, over the years, MSPs have evolved their approach to protecting clients. Now, a security strategy is much more than just a solid endpoint solution; it’s a comprehensive approach to managing the integrity of the customer’s technology footprint — and clients now get it.

Educating clients on cybersecurity is becoming less important

Nobody is safe from cybersecurity attacks in 2019. Even though some of the biggest hacks in 2018 occurred at multi-billion-dollar companies, including Facebook, Quora, Google and Marriott, SMBs aren’t immune to attacks by cyber criminals. Fifty-three percent of mid-market companies have experienced a breach, according to the 2018 Cisco Cyber Security Report: Special Edition SMB. The days of MSPs having to educate customers and prospects on the dangers of vulnerabilities are over.

With security breaches garnering media attention, customers are now more aware of security risks than ever before. Instead of blowing off cybersecurity discussions, they’re being proactive by asking questions on the trending topic and insisting on additional security measures to protect their businesses. This opens the opportunity for MSPs to have substantive conversations about how security impacts overall business risk. For MSPs to take advantage of this shift in awareness, they need to position security as a key process in their services, which they began doing many years ago.

MSPs are continuing to build and enhance their security practices in 2019

Without a doubt, MSPs have been aggressively funding their security practices over the years to combat new and evolving cybersecurity threats in their markets. In my opinion, from what I can tell, MSPs are going to continue investing a lot of capital and resources into their security services this year, but not all MSPs agree on how to properly structure security services for their customer bases.

Due to this difference in opinion among MSPs, pricing models for security services vary from MSP to MSP. For example, some MSPs have opted to create security service layers on top of their offerings, while others have baked security services into their managed offerings. As for the latter, these MSPs are structuring their security services this way because they feel the need to ensure their clients are protected, and they don’t want to potentially lose business to MSSPs looking to steal market share. No matter how MSPs break down their security offerings for clients, there’s always room for growth.

While the influx of security breaches is good news for MSPs, there’s always a downside to every upside: MSPs are becoming a threat vector for malicious attackers. As MSPs assess businesses for security vulnerabilities, they should also evaluate their own environments to protect themselves and customers from increasing security threats. Without a doubt, cyber threats are going to continue in 2019, and if MSPs don’t seize the opportunity to become more than just IT providers, money will be left on the table.


What MSPs Should Know About GDPR

MSPs have been maturing, and because of this, players in the field have had to evolve — especially with regard to data management and security. While the EU’s General Data Protection Regulation (GDPR) will give privacy rights back to EU citizens (that’s the legislation’s goal, at least), it’ll also create a lot of challenges for MSPs with clients across the Atlantic Ocean. Understanding what GDPR is, how it’ll impact clients and what needs to be completed ahead of time will help MSPs overcome the top GDPR obstacles.

What’s GDPR?

First, it’s important for MSPs to understand how GDPR impacts them. Basically, GDPR grants individuals (specifically, EU citizens) the right to determine how their personally identifiable information (PII) is used by businesses based anywhere. Once GDPR goes into effect (on May 25, 2018), businesses everywhere will be required to unambiguously state to their users how all PII will be used and obtain consent prior to using user PII.

PII? What’s That?

Put simply, PII is any data that can be used to uniquely identify a specific individual. PII examples include names, email addresses, phone numbers, mailing addresses and social security numbers. IP addresses, social media posts and transaction histories could also fall under GDPR’s definition of PII. To be honest, GDPR’s definition of PII is pretty broad.

What If I’m Not Based In The EU?

GDPR isn’t something that will only affect MSPs in the EU. You’ll be impacted in some way or another if your clients do business with anyone within the EU. If an MSP or its clients collect, process or store PII of an EU citizen, then steps will need to be taken to ensure compliance with the law. Being in a country outside the EU doesn’t protect you.

I’m A Little Late To The Game, So What Should I Do?

Hopefully, you’ve been monitoring GDPR over the past couple of years. If you haven’t, well, there are a couple of items you should address immediately. Don’t wait any longer.

First, determine if you have any potential exposures as a data processor or data controller as defined by GDPR. Consider this: If you have clients or staff in the EU, then you probably have exposure to GDPR. (As far as addressing the exposure, I recommend consulting with legal counsel.) You don’t want to end up on the wrong side of the law.

Next, using the same methodology above, determine if clients have potential exposure to GDPR. Again, if any potential exposures arise, have your clients consult legal counsel.

What’s the good news? GDPR is going to enable us to raise the conversation with clients about how they store, manage and comply with regulations. Like it or not, more regulation is coming to IT, and we need to educate our clients on potential exposures.
