The Rise of Managed Security: How to Boost Revenue Despite Economic Uncertainty
As cybersecurity services demand grows, MSPs should build service mix and security vendor relationships.
To call the current economic climate uncertain would be a dramatic understatement. For more than a year, stubborn inflation, rising interest rates and uneven demand led many businesses to cut back. Anticipation of a recession, compounded by an unsustainable hiring spike that occurred in the immediate aftermath of the COVID-19 pandemic, resulted in businesses reducing operational expenses, capital spend and head count.
Yet today, the recession that once seemed inevitable may or may not happen. The economic indicators remain murky. Even as inflation falls and unemployment hovers near historic lows, uncertainty remains.
Despite facing unsteady economic conditions, the managed IT security services market has grown rapidly in recent years on the back of rising demand. Organizations of all sizes are increasingly outsourcing their security needs to external advisors with specialized expertise, creating significant opportunities for managed service providers (MSPs).
Here are some of the market trends fueling this growth and suggestions on how MSPs should look to capitalize as they deal with economic headwinds.
Managed Cybersecurity Market Drivers
Although companies tend to reduce their IT investments during uncertain conditions, the managed IT security services market has held strong. According to a Canalys survey commissioned by WatchGuard, 51% of MSPs expected their business to grow by double digits this year despite facing rising vendor prices and an increased cost of doing business.
Cybersecurity remains atop the executive agenda, with MSPs seeing high demand for endpoint and network security and vulnerability and security analytics. Over the longer term, a MarketsandMarkets forecast projects spending on cybersecurity services to reach $479.6 billion by 2027.
Factors driving this demand for security services include:
Increasingly complex threats. First, the threat landscape is getting more difficult for enterprises to manage on their own. Phishing and ransomware remain as leading threats that grow more sophisticated and costly. In 2023, the average global cost of a data breach set a new record: $4.45 million. But the cost to organizations in the aftermath of an attack goes beyond restoration and remediation, as the reputational damage they suffer can negatively impact sales.
A cybersecurity skills shortage. In addition, it's become more difficult for organizations of all sizes to find talent to fill in-house cybersecurity roles. While the number of people working in cybersecurity is steadily increasing, it's not keeping pace with demand. Cybersecurity certifications provider ISC2 estimates there are approximately 1.5 million cybersecurity workers in North America, yet North American organizations are only meeting 74% of workforce demand, with a shortfall of more than half a million workers. This shortfall is especially problematic for small to midsize enterprises (SMEs), which often have difficulty competing with larger organizations for talent, leading them to outsource their cybersecurity needs.
A cybersecurity solutions sprawl. To deal with an evolving cybersecurity threat landscape, many organizations find themselves struggling to manage a sprawl of cybersecurity tools and services. A Ponemon Institute study found that the typical organization uses an average of 47 different security solutions from up to 10 different vendors. Managing so many solutions is not only costly and complex, but it can also lead to security gaps and blind spots.
An increase in compliance regulations. Many businesses find it hard to cope with an increasing number of government data privacy and protection mandates. The stakes are high, as organizations found to be in noncompliance with regulations such as the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), the National Institute of Standards and Technology (NIST) Cybersecurity Framework 2.0 and the California Consumer Privacy Act (CCPA) can face stiff penalties. For instance, regulators fined Meta a record $1.3 billion in May 2023 for violating GDPR rules.
Rising cyber insurance premiums and stringent policies. Hoping to mitigate the potential cost of a breach, many enterprises are purchasing cyber insurance. As a result, the cyber insurance market is expected to grow from $7.8 billion in 2020 to $20 billion by 2025. But carriers continue to increase the cost of premiums and are becoming far stricter about underwriting policies (especially for SMEs and high-risk verticals like health care). For example, carriers are requiring many organizations to adopt technologies like multifactor authentication (MFA) to obtain coverage.
Finding Opportunity in Market Trends
These trends present significant revenue opportunities for security-focused MSPs — even in an uncertain economy. But turning these opportunities into business results requires the right mix of specialized expertise, services and vendor partnerships. Here are a few ways that MSPs can provide their expertise and services to capitalize on these opportunities.
Offer innovative solutions to combat emerging threats. While the threat landscape continues to evolve, MSPs can provide organizations with the rapid response services they need to minimize damage and maintain business continuity when an attacker strikes. Innovative service offerings like extended detection and response (XDR) and managed detection and response (MDR) can help combat complex threats. They can be delivered by MSPs at scale and profitably across a client base.
Fill the cybersecurity skills gap. Without in-house expertise, organizations need a trusted partner who can provide specialized cybersecurity knowledge. MSPs can offer tailored services and flexible packages to provide organizations with the right solutions and expertise to protect them against cyber risks. Often, MSPs can do this for less than it would require an organization to build and manage a security infrastructure on their own.
Minimize security tool sprawl. MSPs that standardize on a vendor partner with a comprehensive security platform can provide better visibility, more efficient provisioning, and streamlined management and reporting. Standardizing on a single vendor can also reduce the number of tools upon which an organization relies. In addition to stronger security, a unified platform improves margins by reducing service delivery costs and total cost of ownership.
Simplify how an organization meets compliance. In an increasingly stringent regulatory environment, MSPs can ensure that their clients have the solutions to meet compliance and the reporting to validate it, helping clients avoid costly penalties.
Satisfy insurance requirements. MSPs can leverage their expertise in risk assessments to provide consulting on an organization's insurance "readiness," offer add-on services (such as MFA) to meet insurance requirements, assist with compliance reporting and provide claims process support.
The demand for managed security services is the rare point of consistency in this uncertain and unpredictable economy. For MSPs, now is the time to optimize their service mix and establish or deepen their relationship with a unified security platform vendor to better serve clients. Capturing those opportunities now will lay the foundation for profitable, long-term engagements and drive growth as the economy improves.
About the Author
You May Also Like