Managed service providers (MSPs) have been benefiting from increased spending on security software and services throughout the past year. However, while industry analysts report that spending on security has, on average, increased by 9 percent on a year-over-year basis, a new report from Kaspersky notes that on average, small-to-medium businesses (SMBs) only spend $205,000 annually on security. That compares to $8 million on average for larger enterprise organizations. It would suggest that especially among SMBs served by MSPs, the base of spending growth is relatively small.
On the plus side, a separate Kaspersky survey of 5,000 organizations finds 70 percent of respondents expect their IT security budget to continue to increase in the next three years. Kaspersky research also shows that in 65 percent of SMBs and 68 percent of enterprises, top tier management now actively contributes to decisions regarding cybersecurity. That’s a very good thing for MSPs because the Kaspersky studies show a correlation between cybersecurity budgets and top management involvement.
For companies with a budget of more than $5 million, the majority (72 percent) have executives take part in the financial aspect of IT security. For companies with budgets ranging up to $25,000 for enterprises and up to $2,500 for SMBs, the percentage of those with C-level executives involved in budget decisions is only around 50 percent.
Where MSPs should prioritize their efforts
Organizations that have business leaders participating in the cybersecurity buying process clearly place a higher value of making sure their digital assets are as secure as possible. Those business executives are also more likely to evaluate the financial and technical merits of relying on a service than the average IT leader. That’s not to say MSPs should ignore IT leaders. But it’s clear that in many cases, IT leaders are going to have a natural bias toward their own capability.
Many IT leaders still view it as a slight to their own expertise whenever an organization relies on any external service. Not all IT leaders, of course, think that way. But there are still enough that do so to warrant MSPs to focus their efforts more on organizations that include business leaders in the evaluation process.
Business leaders are more likely to consider the total cost of any proposed solution
On one hand, organizations may have already hired full-time IT employees. At the same time, however, they may need to hire additional employees to manage cybersecurity internally. Internal IT teams may not appreciate all the money that is being spent to license legacy cybersecurity technologies that would otherwise be saved by relying on a service. In addition, many business leaders have a marked preference for treating all forms of IT as an operating rather capital expense.
It’s apparent that MSPs have both an economic and technological advantage when it comes to cybersecurity. The challenge most MSPs face is simply getting the opportunity to make their case to business leaders that tend to think more about the impact IT is likely to have on the business as whole, rather than — no matter how well intended — the inherent biases of any single IT department.
Photo: Matej Kastelic / Shutterstock