Security market shifts to MSP, identity and infrastructure

The security world is evolving to move away from traditional protection measures towards focusing on securing identity and infrastructure via a managed services model.

Evolution is a common event in the security world, with one of the last major ones being the move away from reacting to listed threats towards a more proactive zero-trust agenda, and the industry is shifting again, according to market watchers Context.

The latest analysis of the first few weeks of the year indicated that the security market declined by 4.6% year on year (YoY). This was largely due to a weakness in corporate-facing resellers, with the mid market and small user specialists continuing to grow during the period.

Context found that not only has there been a split in the dynamics of the channel, but there has been a move away from some traditional products both vendors and their partners have been pitching.

“Security spend isn’t disappearing, it’s being reallocated,” said Joe Turner, global director of research at Context. “What we’re seeing is a clear move away from standalone protection tools towards integrated platforms, identity-centric security infrastructure designed to meet regulatory and operational pressure.”

This shift could be seen in the numbers, with network security down 8% YoY, with endpoint protection also decreasing. Customers have instead moved towards integrated XDR and SaaS-based security platforms.

Context found that data security was also a category under pressure, down 33%, as a result of customers pausing spending after a round of encryption and compliance investment cycles that were provoked by GDPR and the eIDAS Directive. Compliance remained a catalyst for spending in other areas, including around securing automated and complex environments that customers are moving to because of digital transformation projects and the adoption of artificial intelligence (AI).

Security specialists across the channel selling identity and management should have seen fortunes improve, with those categories improving by 25% YoY. The combination of zero trust and regulations such as NIS2 have helped fuel that growth.

The need for users to get a clear picture of their security defences to meet regulations could also be seen in increased growth in tools to secure infrastructure, with the likes of SIEM, SOAR and vulnerability management all benefitting. 

“The regulatory environment is now one of the biggest drivers of security investment,” Turner added. “Organisations are not just buying protection, they are buying the ability to demonstrate compliance, respond in real time and manage risk across increasingly distributed systems.”

The other finding from Context’s analysis of the first few weeks of 2026 includes the rising popularity of the managed services provider (MSP) model. The UK and Ireland saw managed services growth coming in at 42%, with Germany up 72%. Customers struggling to meet compliance regulations without their own skilled staff were increasingly turning to the channel to provide the solutions.

“MSPs are becoming the operational backbone of cyber security for many organisations,” said Turner. “With regulatory deadlines tightening and a well-documented talent gap, businesses are increasingly buying outcomes rather than tools.”

The takeaway for the security channel was not just the message around the market dynamics changing but the expectation from Context that those conditions would continue in the near term as pressure continued on some traditional product segments.

“This is not a downturn, it’s a reset,” Turner added. “The organisations that adapt fastest to platform-based security, identity-first models and service-led delivery will be the ones best positioned for what comes next.”