Cyberattacks Causing MSPs to Lose Their 'Competitive Edge'

MSPs have to deal with more dire circumstances, including loss of competitive edge, from cyberattacks than do companies in many other industries, according to new findings by Netwrix.

Netwrix’s 2024 Hybrid Security Trends Report is based on a global survey of more than 1,300 IT and security professionals. It reveals that 76% of MSPs spotted a cyberattack on their infrastructure within the last 12 months, similar to the results among organizations overall (79%).

Among those attacked, roughly one in every two (51%) MSPs had to deal with unplanned expenses to fix the security gaps. Moreover, 31% experienced a loss of competitive edge, and 27% faced compliance fines, compared to 20% and 17% across other verticals, respectively.

For the MSP sector, each second security incident in the cloud (49%) was associated with user account compromise, while 46% of attacks on premises were ransomware or other malware attacks. In contrast, these types of attacks were less common among other industries.

Dirk Schrader, vice president of security research at Netwrix, said that given the MSP business model that anticipates access, frequently a privileged one, to the IT systems of their clients, it’s no wonder that attackers see MSPs as a lucrative target.

Netwrix's Dirk Schrader

“However, it is indeed surprising that 31% of the MSPs reported dealing with a loss of competitive edge, compared to 20% in other sectors,” he said. “These statistics prove that a cyber incident might have a huge impact on the MSP’s reputation and even cause customer churn.”

Loss of Competitive Edge Means Losing Customers

Loss of competitive edge means changes in customer preference, Schrader said. An MSP needs to inform clients about any incident that will become a talking point in the market and impact the its reputation.

Due to contracts between MSPs and their clients, the responsibility for data breaches is transferred along with the risk of facing compliance fines, he said.

“Providing more or better training to IT staff topped the list of measures IT professionals who work for MSPs would implement if they had a chance to decide on their own,” Schrader said. “It’s no wonder that the need for in-depth training is a trend for MSPs. The tools they use evolve rapidly. To stay on the competitive edge of the MSP market, it is vital to keep up with emerging technology through continuous training.”

Netwrix’s findings indicate MSPs are pretty mature in terms of cybersecurity architecture and do a lot to ensure their own and their clients’ security, he said.

“Nevertheless, identity governance and administration (IGA) looks like an area for improvement in this industry,” Schrader said. “MSPs deal with lots of identities and accounts provided by customers to render their services, and IGA can be a tricky task, especially when this needs to be done in coordination with each customer’s governance requirement. Segregation of duties can help MSPs avoid the risk of access misuse, prevent conflict of interest and enhance accountability of identities. Flexible workflow for identity provisioning can assist MSPs in handling identity management by automating and streamlining the identity management process.”