Sikov - stock.adobe.com
MSPs remain confident over security
Despite being inundated with attacks, the vast majority of managed service providers are upbeat about their abilities to fend off breaches
Managed service providers (MSPs) know they are targets for cyber criminals, but the volume of attacks has risen during the past year, and underlined the challenges the channel is facing to remain secure.
The latest CyberSmart MSP survey found that 69% of those managed service providers quizzed had been hit by multiple breaches in the past 12 months. Almost half had to fend off three or more attacks.
Despite the high volume of attacks, the vast majority of MSP leaders remain confident they have enough security. However, the vendor warns it could be a double-edged sword to believe defences are strong enough and go further to protect infrastructure.
This is the second report where CyberSmart has focused on the MSP community, and over both reports, channel players that described their cyber confidence levels as average or above (96%) has remained consistent.
Many MSPs recognised there was still work to be done on continuing to improve security.
CyberSmart’s report found that the confidence MSPs felt in their own security awareness extended to their customers, with many feeling users understood the challenges that were being faced. “As attack attempts on MSPs rise, it can be easy to blame overconfidence,” said Jamie Akhtar, CEO and co-founder of CyberSmart. “However, most MSP leaders do have above-average cyber knowledge as part of their job, no doubt because of the supporting and advisory roles they play for customers.
“What these results really show is that the majority of MSP leaders are willing to engage with the wider community to improve their cyber security posture, protecting themselves and their customers from attacks,” he said. “Ultimately, to stay ahead of attackers in this constantly changing discipline requires the right partners, latest resources and best-in-breed security tools.”
Unlocking opportunities
The vendor’s report highlighted some areas where MSPs could unlock more opportunities if they were able to get on top of regulations and become security compliance experts.
As it stands, there continue to be numbers of MSPs that are not in a position to talk confidently about regulations. CyberSmart found that only 39% of MSPs felt they were able to guide customers through the likes of the NIS2 directive, the EU AI Act and the Digital Operational Resilience Act.
Looking ahead across the rest of 2025 and beyond, MSPs indicated there were a few strategies that would be followed to keep their security defences up. These included using continuous monitoring, continuing to provide employee security training and taking proactive risk management.
The constant theme between both annual CyberSmart MSP surveys has been the confidence felt across the channel.
Last year’s report found that although 87% of MSPs experienced a breach over 2024, with a number being hit multiple times, the overwhelming majority (87%) felt confident about their security position.
The CyberSmart research can be added to other reports that have focused on the threats being faced by MSPs. Back in April, CrowdStrike shared its 2025 Global threat report, which also highlighted the pressure is on the channel to make sure it’s taking steps to protect its own operations and customer data.
“Cyber threat actors are constantly looking to leak data, whether it be through endpoint weaknesses, unclean cyber hygiene practices, or just constantly wearing down businesses with relentless ransomware attempts,” said Mark Appleton, chief customer officer for Also UK. “The advent of AI [artificial intelligence] has taken this one step further; AI has redefined security in many ways, but has also strengthened attack efforts – not necessarily in the quality of attacks, but definitely in the quantity businesses face.”
