There are a series of examples and statistics of why cybersecurity is important and why businesses of all sizes take cybersecurity seriously. The reality is that there is $19 million lost to cybercrime per minute. It is the most significant transfer of wealth in the history of humankind and currently represents a bigger illicit market than all illegal drug trade combined.
While many organizations have come to appreciate the importance of strengthening their security posture, 54% of businesses admit they lack the experience and resources to manage cyberattacks internally. This has led to a growing opportunity for managed service providers (MSPs) to expand their offerings to include security services. Despite being nearly non-existent 20 years ago, the managed security services market is expected to grow 15.2% between 2020 and 2025 (USD 27.70 billion in 2019 to USD 64.73 billion by 2025).
In this article, we will explore strategies that MSPs can take to capitalize on this opportunity by identifying where to start, how to get there, and how to get buy-in and investment from their clients.
Where To Start
There are several areas of security that MSPs can focus on. The list of security measures that can be implemented is seemingly endless which has made it overwhelming to decide where to invest to make the most impact.
A good place to start is to define the business problem rather than trying to determine the services and technology to offer. Accepting that you aren’t going to solve everything and honing in on the business outcome your clients care about can go a long way in ensuring you are solving the right things. Taking this focused and niche approach can make a huge difference in terms of the people you hire, the processes you have in place, the technology you choose, and ultimately communicating these decisions with your clients in a way they can understand.
How To Get There
Every successful security service offering requires consideration and appreciation for three key aspects: people, processes, and technology. Aligning these three components helps assess the viability and guide decisions and investments.
The people aspect should be figured out before developing processes and assessing technology. Even if you have all the fancy widgets in the world and a lot of buying power to invest in hardware and software, it can be challenging to see the value of these investments and scale your service offerings without the right human capital to administer these processes and technology.
But people are the Achilles heel of cybersecurity.
Our research has found that 80% of organizations report the people aspect as being the most challenging component to manage and optimize within their security service offering. With 3.5 million open cybersecurity jobs, MSPs looking to offer security services need to get creative when finding and retaining security talent.
Tips for MSPs to manage the talent gap:
- Focus on understanding the type of talent clients need to be supported by and identifying the specific skills required. For example, some clients are in the defense space and need people with a military background. If that’s your client base, focus on building a workforce that allows you to tap into that expertise.
- Offshoring is a cost-effective option for MSPs serving organizations that don’t have federal regulatory rules they need to abide by regarding where people are located.
- Form partnerships with other security service providers to pool resources, share expertise, and address the talent gap collectively. By collaborating, you can expand your capabilities and offer more diverse security services.
- Identify high-potential individuals within your organization with the aptitude and interest in cybersecurity. Offer them opportunities for cross-training or upskilling to transition into cybersecurity roles. By nurturing talent from within, you bridge the talent gap, foster loyalty, and retain valuable employees.
- It is challenging for MSPs to compete with the compensation offered by enterprise-level organizations. While offering competitive wages is important, many security professionals prioritize a positive work culture over salary, stock options, and bonuses. MSPs should focus on fostering a supportive and inclusive work environment that encourages creativity, collaboration, and professional growth. Providing opportunities for employees to work on challenging projects, participate in industry conferences, and engage in continuous learning helps boost morale and job satisfaction.
How to Get Buy-In
Whether an organization thinks they are too small to be breached or decision-makers see security solely as a cost center, there will likely always be objections when it comes to getting organizations to invest in security. Here are a few ways that Media Sonar’s MSP partners have found success when getting buy-in from their clients:
Clearly articulate to clients the risk of doing nothing.
It’s no longer just a matter of getting breached. There are significant table stakes required to continue doing business in today’s world. Whether this be compliance requirements or security demands from your client’s customers, failing to address these table stakes can have a significant impact on business outcomes.
Communicate in a way that is relevant to clients.
Share examples of real-world security incidents that are industry-relevant and size-appropriate. Focus on how these organizations handled these incidents and what they did differently moving forward. Not only does this show the client that these risks can happen to them, but it also shows them that actions can be taken to mitigate the repercussions if/when they experience a security incident.
Show clients where they are already exposed and vulnerable.
Being able to communicate where vulnerabilities exist and the impact they can have is a great way to start the conversation about how your security services can address these risks. The reality is that the attack surface extends beyond the network perimeter in today’s world and organizations need to account for the risks that can exist in all the places their assets interact across the Internet.
Media Sonar Digital Risk Assessments is a service that MSPs can leverage to show their clients where their assets are exposed. This is a great door opener to have when discussing how you can help mitigate these exposures and the costs to the client if they allow these risks to remain out there.
Discuss how security is more than just a cost center and is a business enabler.
It’s crucial to communicate with clients that security investments are not just a cost. It is an opportunity to accelerate the rest of what they are doing in their business – particularly in the areas of the remote workforce, IoT, Cloud, and Supply chains. Some companies are even using their security posture as a competitive advantage.
Conclusion
There is a growing opportunity for MSPs to offer security services. MSPs looking to capitalize on this opportunity need to take it one step at a time to avoid getting overwhelmed by all the different things they could offer and the resources required to execute effectively. Starting with the business problem, assessing the viability across people, processes, and technology, and getting buy-in by showing vulnerability will help you enter into the security services market more effectively. Contact us to learn more about how your organization can leverage our Digital Risk Assessments.