Tips for MSPs on Starting, Growing an Established Cybersecurity Practice
Nearly one-third of companies in a recent survey said they use third-party firms with a dedicated cybersecurity practice.
![Security practice tips Security practice tips](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blta055a14c54a9d647/65eb2fbecc5579040a4c9482/Cybersecurity_Network.jpg?width=1280&auto=webp&quality=95&format=jpg&disable=upscale)
Cybersecurity is no longer optional in businesses of any size. With ransomware and cyberattacks at unprecedented levels, many businesses rely on their IT service providers for help, and if they don’t have the wherewithal, they risk losing business.
Nearly one-third of companies said they use third-party firms with a dedicated cybersecurity practice, according to CompTIA’s State of Cybersecurity report.
Some 51% of organizations said they planned to increase investments in security due to a breach, including incident response planning and testing, employee training, and threat detection and response tools, according to IBM’s 2023 Cost of a Data Breach Report.
Even though some general-purpose MSPs may offer some level of cybersecurity services, experts say it’s no longer enough to just provide the basics, like firewalls and antivirus protection, given the increased sophistication of attacks. They need to up their game.
“We’ve been seeing for some years now the prominence of cybersecurity in terms of demand by customers,” said Carolyn April, vice president of industry research at CompTIA.
Most MSPs now offer antivirus protection, firewalls, and backup, she said, but customers are paying greater attention to what is happening with their data, and MSPs have to elevate their security service offerings.
![CompTIA's Carolyn April CompTIA's Carolyn April](https://eu-images.contentstack.com/v3/assets/blt10e444bce2d36aa8/blt6b0c06c4ddec718f/65eb2cc266b9ef040a17eb09/April_Carolyn_CompTIA_2024.jpg?width=700&auto=webp&quality=80&disable=upscale)
CompTIA's Carolyn April
“Cybersecurity is the big practice, so if your MSP is just stuck with basics, you could be at a disadvantage to an MSSP, for example, who has decided to make it their entire practice,’’ April said.
MSPs not offering cybersecurity will only ever be able to work with a certain type of customer — who isn’t asking about cybersecurity because they typically aren’t aware of the overall value of IT managed services, noted Robin Ody, principal analyst of MSP analysis, Canalys.