Resources

Key takeaways from CyberSmart's MSP Breach Survey

Written by Laurence Keir | Oct 9, 2024 9:31:02 AM

Cyberattacks are a growing concern, and MSPs are essential in helping businesses protect themselves against evolving threats. Brigantia vendor CyberSmart carried out a 2024 MSP Breach Survey to shed light on the state of cybersecurity. The survey revealed the core challenges and threats and outlined potential business opportunities.

We’ve put together the key takeaways from the survey and what they mean for MSPs, their customers, and the broader cybersecurity landscape.

1) MSPs and their customers are prime targets

The first takeaway on the list is alarming. 87% of MSPs experienced at least one breach in the last 12 months, which reminds us that MSPs and their customers are key targets for cybercriminals. MSPs are often responsible for managing sensitive data and systems, making them a lucrative target for hackers looking to exploit supply chain or network vulnerabilities. So, what are MSPs and customers doing to allow their businesses to become vulnerable?

Then, we see the impact of not having strong password management. Weak password hygiene, such as the absence of multi-factor authentication (MFA) and phishing vulnerabilities, are presenting chinks in the armour for cybercriminals to leverage. With 84% of businesses falling victim to a phishing email last year and 46% still not having an agreed process for dealing with phishing attacks, we can see a significant gap in preparedness. Employees often need help responding to phishing attempts, especially those disguised as urgent emails from top-level executives.

2) Ransomware and malware are the biggest concerns

The most significant threats facing MSPs were ransomware, malware, and exploiting weak points in supply chains. These attacks can cause financial, operational, economic, and reputational damage. Cybercriminals often initiate these attacks using unsophisticated methods, like phishing emails or exploiting weak passwords, which means we can do a great deal to mitigate risk.

Despite the rise of ransomware, many businesses and MSPs still need to catch up to adopt preventive strategies like MFA and strong password hygiene. Hackers often exploit these gaps, taking advantage of weak passwords (like using a family member’s name) and the absence of MFA.

3) Cybersecurity services are a dealbreaker for customers

CyberSmart’s survey revealed a significant shift in customer expectations. Over 70% of MSPs noted that their security products and services have been scrutinised more in new business meetings. The result? 35% of MSPs have added new security products, and 23% have hired specialised security staff. This is a fantastic decision for MSPs and hugely beneficial for their customers, but despite this growing demand, only 3,000 MSPs offer dedicated cybersecurity services.

It's clear that businesses are not receiving adequate security from the very providers they rely on. The good news? This represents a major gap in the market for MSPs, presenting a growth opportunity. For those willing to invest in cybersecurity, it’s a chance to offer specialised security products and services, which can directly boost client trust, foster longer relationships, and generate additional revenue streams.

4) Confidence despite frequent breaches

Although the survey highlights a high number of breaches, it also suggests that 97% of MSPs expressed confidence in their cybersecurity measures. This confidence extends to these MSPs' clients and customers, with 73% of businesses now having administrative rights (up from 67%) and 83% having up-to-date malware protection (up from 76%).

Whilst these stats are positive, we need to remember the reality. Confidence may be high, but many MSPs may need to pay more attention to the evolving threat landscape and the sophistication of cyberattacks. Continuous investment in technology and human factors, such as education and incident response, is necessary to achieve what CyberSmart calls "Complete cyber confidence."

5) The path to complete cyber confidence

CyberSmart’s survey suggests a set of key processes that MSPs can adopt to reach complete cyber confidence. These include:

  • Education and training: it’s widely known that many breaches are caused by human error. Regular phishing simulation training and cybersecurity best practices can help keep these incidents down. Organisations need to prioritise making training that is both effective and consumable.
  • Company-wide security policies: Clear security policies are important for businesses, as they help reduce confusion and aid response time during an attack. Organisations also need to ensure that every employee understands the cybersecurity protocols in case of a breach, minimising the impact.
  • Continuous monitoring and incident response: It's essential to deploy real-time monitoring and implement proactive risk management. This could involve running tabletop exercises with senior stakeholders, preparing teams for potential attacks, or building leadership confidence in their ability to respond.
  • Security-conscious culture: cybersecurity isn’t just about technology or cybersecurity products; it’s about creating a culture of security within an organisation. CyberSmart’s survey highlights the effectiveness of promoting security champions within a business. Their role is to share updates and foster an environment where employees know to put security as a top priority. These efforts are essential to long-term cybersecurity success.

The survey clearly shows that true cyber confidence requires a combination of technology, training, and culture.

How MSPs can turn challenges into opportunities

We’ve seen a number of important highlights from CyberSmart’s MSP Breach Survey, which provides valuable insights into the state of cybersecurity in 2024. Though the rise of breaches adds an understandable layer of concern for both MSPs and the public, there are opportunities for MSPs to provide the security services their customers need, boosting trust and revenue. With ransomware and phishing attacks on the rise, the report reminds us that MSPs must prioritise cybersecurity as a core part of their service portfolio.

Cybersecurity is no longer optional for MSPs, and they need to invest in a mix of technology, training, and strong security processes. By doing so, they can unlock new revenue opportunities in a market that’s becoming increasingly security-conscious. Without ticking these boxes, MSPs and their customers are at risk of growing cyberattacks.

The future of MSPs and cybersecurity

It's time to rise to the challenge. Bolstering your cybersecurity offering will make you well-positioned to succeed in the years ahead and remain competitive.

Here at Brigantia, we’re helping MSPs protect their customers against growing cyber threats with market-leading cybersecurity tools. We want you to succeed, which is why we’re committed to selecting industry-leading vendors and providing you with opportunities for growth.

Whether it’s product specialist support or marketing help, we help you offer cybersecurity solutions that cater to every customer requirement. Please chat with our team today to find out more.