MSPAlliance Issues New Cyber Risk Rating for Service Providers

The International Association of Cloud & Managed Service Providers (MSPAlliance) Thursday unveiled a new cyber risk rating for cloud and managed service providers.

Based on its 15-year-old standard for MSPs, the Cyber Verify Risk rating is aimed at allowing service providers and their customers to more accurately assess the cyber risk of the provider and, by extension, of the customer environment. The rating system is designed to communicate cyber risk protection practices employed by service providers.

Consumers of cloud and managed services can use the rating system to determine what type of provider will be best suited to their needs.

MSPAlliance’s Charles Weaver

Charles Weaver, MSPAlliance’s CEO, tells us MSPs are always looking for ways to differentiate their services from break/fix and reactive IT companies, especially when these break/fix companies now are being implicated in cyberattacks and data breaches.

“The Cyber Verify rating will help providers communicate more effectively to customers regarding their internal security status and capabilities,” he said. “The rating is actually based on the Unified Certification Standard for Cloud & Managed Service Providers (UCS). The UCS is maintained by a group of MSPs who hold the certification and are responsible for keeping it updated and current with global trends facing MSPs.”

A cyber risk rating brings several important tools to providers and their customers in the fight against cyber bad actors. according to MSPAlliance. Providers can communicate their capabilities in fighting against cyberattacks on behalf of the customer. In addition, it educates providers and customers on what capabilities and tools are most helpful in defending against cyberattacks

Customers need to know which providers are delivering proactive cyber defensive solutions compared to those providers merely reacting to attacks, the alliance said. Reactive providers do not help customers prepare for or guard against cyberattacks, but instead deliver “after the fact” cleanup services once the damage has been done, it said.

“The rating will likely evolve as the market evolves,” Weaver said. “However, the core principle behind the rating should remain fairly stable.”