Cybersecurity remains top of mind in SMBs and a huge opportunity for MSPs, according to ConnectWise report.
The second annual ConnectWise SMB State of Cybersecurity report revealed that more than three-quarters of respondents are concerned they will be the target of an attack in the next six months, and 91% of SMBs said they would consider using or moving to a new IT service provider if it offered the right cybersecurity solution.
The ConnectWise report was conducted to establish the areas where SMBs need protection and the potential pitfalls so that MSPs can appropriately support them.
“In addition, we wanted to illustrate why Managed Services Providers (MSPs) should be working with their clients to ensure they are educated on the evolving threat landscape and the solutions that are needed to stay protected, as well as the risks involved if a robust security strategy is not in place,” explained John Schweizer, vice president, ConnectWise.
These findings should be of particular interest to ConnectWise’s partner community, especially since any vendor that plugs equipment into the SMB’s network opens the door to cybersecurity risks.
“One could view this as a larger opportunity for the dealer community to lean in with security in a meaningful way that most MSPs aren’t able to,” said Schweizer. “What I mean by that is dealers have an operational maturity and sales process that MSPs struggle to find. A dealer that engages in managed IT services and buildout, their cyber practice will be perfectly positioned to capitalize on the growing awareness cybersecurity presents.”
The study was carried out between June and July 2020 and gathered information from 700 IT and business decision-makers involved in cybersecurity in their organization. Respondents’ organizations have between 10 and 1,000 employees.
With 86% of SMBs placing cybersecurity within the top five priorities for their organization, six in 10 are planning to invest more in cybersecurity because it reduces risk for their organization.
The study also revealed that more than half of SMBs surveyed (52%) agree they lack the in-house skills necessary to deal with security issues properly, and 49% of SMBs find more cybersecurity expertise as an added benefit of working with an MSP.
This interest in cybersecurity investment suggests SMBs are looking to MSPs to help close the skills gap and presents a growing market opportunity for MSPs to protect clients against growing threats.
A surprising finding, at least to Schweizer, was that the overall responses from the SMBs surveyed was at odds with what ConnectWise’s partner community has been sharing.
“The view from the SMB is they know there are issues and are ready and willing to change service providers to get the right cybersecurity (93%),” he said. “And it’s evident when most SMBs list cybersecurity as a top or top-five priority in their business. They are clearly concerned and willing to take action to protect their business.”
The Right Security Solution
Sixty-eight percent of respondents said the “right” offering means having confidence in an MSP’s ability to respond to security incidents, while 58% stated it is confidence in an MSP’s ability to minimize damage or loss. What is considered the right security solution?
“While we didn’t specifically ask the question what is the ‘right’ cybersecurity solution, what companies want most in a cybersecurity solution—and from a provider—is confidence that they will be able to assess risk, have the ability to detect and respond to threats, and minimize any damage or loss in the event of an attack,” said Schweizer.
Education, Risk Awareness, and Responsibility
The survey results highlight SMBs’ fundamental lack of education and understanding of what good security looks like. While that presents opportunities for MSPs to provide their customers with protection, Schweizer said they need to learn how to best work with their customers to educate them.
MSP partners also need to ensure their customers know what to expect from them, and what the risks are if the customer fails to implement a robust security strategy.
“They also need to make it clear who assumes responsibility in the event their customer suffers a cybersecurity attack,” noted Schweizer.
ConnectWise believes it has a responsibility to educate its MSP partners on everything from best practices on working with customers, implementing an effective security solution, and conversing with customers about potential risks and what they are responsible for as the security provider. ConnectWise also offers IT Nation Certify cybersecurity training courses and certification to address those areas.
Remote Work Raises the Risks
More employees working remotely and/or businesses adopting a hybrid work environment create more opportunities for MSPs to engage with customers and prospects.
“The trend to remote workforces tends to make companies more vulnerable to ransomware and other types of cyberattacks, especially as the increasing use of mobile apps and BYOD in the workplace introduce more risk,” observed Schweizer. “I think it will only raise the awareness of cybersecurity issues and increase the importance of security in the minds of SMBs. And of course, it also opens up more opportunities for MSPs to provide those needed security services.”
In response to growing numbers of employees working from home, ConnectWise has increased its focus on partner cybersecurity education and training that takes remote work into account.
“We were already in the process of ramping up all of our training, including our Certify cybersecurity courses and certification early in 2020 before COVID-19 hit,” noted Schweizer. “Then, we had to put more emphasis on securing remote workers. We also had to quickly pivot to offer that training in a virtual format.”
With employees working from home and not using their office equipment at or close to previous numbers, dealers are looking for other recurring revenue streams to close the gap on lost or reduced equipment business.
“By investing in cybersecurity now and leveraging education to bring your team up to speed, a dealer would be perfectly positioned to capitalize on managed IT services that include cybersecurity,” said Schweizer. “Some large portion of dealer clients are not coming back to the office, ever. A dealer that invests in cyber and their MSP business creates an additional value proposition to keep their customer engaged.”
While COVID-19 has increased the number of cyberattacks, the pandemic did not significantly impact respondents’ views towards prioritizing cybersecurity. However, COVID-19 has raised new concerns for SMBs, with 79% of respondents worrying about their remote devices or remote employees being breached. As SMBs continue to explore and expand their remote workforce, this can also present areas of growth for MSPs.
Talk Track
ConnectWise partners that have had the most success selling their services don’t talk about products.
“Technology is a tool for how we solve problems,” explained Schweizer. “I would prefer dealers lean on their knowledge and experience, talking about the risk to the business from a cyberattack including, of course, extended downtime, but also seeking to understand the impact to the business’s reputation, compliance issues, employee morale, and the negative impact to their business when the SMB can’t deliver their services. Most people are talking about the sky falling and the cost of ransomware, which continues to climb. But that doesn’t move the needle until the SMB understands they are getting ‘the right cybersecurity.’”
“Confidence remains a key factor for SMBs in choosing the ‘right’ MSP offering for their business needs,” added Jay Ryerse, certified information systems security professional (CISSP), vice president of cybersecurity initiatives for ConnectWise, in a press announcement. “Currently, only 13% of SMBs are having regular cybersecurity-related conversations with their MSP. Even more worrisome is the fact that 29% of SMBs talk to their MSP about cybersecurity only after they have suffered an incident. It’s clear that MSPs must work to reinforce that confidence and build closer relationships with their clients.”
Opportunities Abound
With more than 80% of organizations surveyed reporting that they use an MSP and another 5% saying they won’t ever use an MSP, a dealer may wonder why they should bother with managed services.
“Managed services as we know them are changing quickly and in many cases, the SMB is trying to simplify their business and is looking for one company that can deliver all the technology solutions they need, including office equipment, IT, VoIP, cloud, and now, cybersecurity,” said Schweizer. “A dealer’s maturity in taking care of their clients is a good reason for the SMB to consider them for all of their technology needs.”
The report also found that 29% of SMBs plan to change to a different MSP. SMBs looking to make a change are doing so because they are more likely to have experienced inadequate security protections from their MSP than SMBs who plan to stay with their current provider. They are also more likely to lack confidence in their MSPs’ ability to defend them from a cyberattack. Schweizer pointed out that these organizations tend to have fewer conversations with their provider about cybersecurity—32 times a year, on average, compared to 40 times a year for those planning to stay with their current provider.
“Not surprisingly, cyberattacks are also a big reason SMBs change providers,” observed Schweizer. “Nearly a quarter of respondents whose organization had suffered an attack said they need to make a change. Whatever the specific reason driving the change, it’s clear that SMBs will not hesitate to change providers for the right cybersecurity offering, and they’re even willing to pay more to do so. In fact, 93% say they would consider moving to a new MSP if they offered the ‘right’ cybersecurity solution, even if they weren’t planning to change.”
Fear of legal action against them in the event of an attack is another reason that a dealer may not want to get into the MSP business. However, Schweizer says that should not deter dealers.
“Rather, take time to very carefully and deliberately set expectations about responsibility and liability in the event of a cyberattack,” said Schweizer. “Having a conversation with your customers about who owns the risk is critical. Because if you don’t, that risk will ultimately fall on you, and that could be a huge liability.”
Business 101
Dealers can download the ConnectWise SMB State of Cybersecurity report on the ConnectWise website. They can then use this information to better understand what their clients would like them to solve.
“It’s Business 101—don’t invest in something your clients don’t want, and deliver more of what they do want,” said Schweizer. “They want one provider to help with technology that can help them understand and clearly articulate the impact to their business based on technology investments. Who better to have that conversation than a dealer with the experience, resources, and team that focuses on improving the lives of their clients via technology?”
Access Related Content
Visit the www.thecannatareport.com. To become a subscriber, visit www.thecannatareport.com/register or contact cjcannata@cannatareport.com directly. Bulk subscription rates are also available.
