MSPs React to Proposed Cybersecurity Regulations in US and UK

MSPs have offered a mixed reaction to proposed new cybersecurity regulations.

Governments on both sides of the Atlantic have suggested implementing cybersecurity frameworks for MSPs following a spate of cyberattacks this year.

There have been two cybersecurity executive orders in the U.S. – one issued in May, another signed in July.

In the U.K., MSPs could be required to follow new cybersecurity rules as part of new proposals to help British businesses manage the growing cyber threat. The government says MSPs may need to adhere to the National Cyber Security Centre’s Cyber Assessment Framework.

MSPs on a virtual N-able Partner Panel this week shared their views on the new cybersecurity regulations.

“A Race to the Bottom”

Tomorrow’s Technology Today’s Lisa Niekamp-Urwin

Lisa Niekamp-Urwin, CEO of Ohio-based MSP Tomorrow’s Technology Today believes the proposed regulations are a good thing. This is because “now somebody is finally making that initial step to make sure that everybody’s working to the same direction.”

She explained: “My biggest issue is my competitors. Some of my competitors don’t do what they should be doing. For many of them it’s a race to the bottom. That is not a win for anybody. There’s no way that they can take care of things the right way when we’re racing to the bottom. So I think that’s going to help elevate a lot of MSPs and help all of us perform better.

“Looking Forward to It”

Meta Eagle’s Lee Robinson

Lee Robinson, co-founder of U.K. MSP Meta Eagle agrees.

“Regulation is absolutely key. In business, we have accountants to do our financial stuff, and we’ve got solicitors that do our legal stuff. Would I let some random person that I met down the pub look after the legal affairs of my company? No. Would I want to let my mate Dave look after my company books? No. So why would I let someone who’s got no real proven track record or conforms to a particular standard look after my IT infrastructure? It’s crazy, but it happens. Especially if you’re aiming to deliver a premium service and you’re getting undercut massively because said IT company isn’t offering nearly as much as you do.

“So that regulation is key, because so important. I’m actually really looking forward to it.”

“Too Confusing”

Impact Networking’s Patrick Layton

However, Patrick Layton, vice president of managed IT services at Illinois-based Impact Networking fears customer confusion.

“What’s currently happening, at least in the States, is the New York laws and California laws and now what Illinois has proposed are in direct contradiction of each other. I have clients that operate in those different locations. They come to me and say, ‘It’s not very clear.’ And you need a lot of time, and you need experts to understand it.

“They take a good idea and do the same thing all governments do, which is put all sorts of garbage and it makes it really confusing.

“I would rather see some kind of global consortium that tries together instead of individual governments competing, and lobbyists making the rules the way they are because of money versus what we should be doing.

“I don’t know how we’re gonna fix it. But I don’t know that the local government idea is going to actually help us. I think it’s going to be more confusing.”