Justifying the value of cybersecurity has always been a challenge because managed service providers (MSPs) are trying to ascribe a cost to an event they hopefully prevented from occurring in the first place. In effect, defining the savings derived from investing in cybersecurity is essentially attempting to prove a negative.
However, it is possible to ascertain the total cost of detection, containment, remediation, and recovery. A survey of more than 600 IT and cybersecurity professionals conducted by The Ponemon Institute on behalf of Deep Instinct, a provider of endpoint protection software infused with machine learning algorithms, estimates the economic value of preventing a cybersecurity attack ranges from $396,675 to $1,366,365. These values depended on whether the attack involved ransomware at the low end of the scale or a complex attack launched by a nation state at the top end of the scale.
Understanding those costs will be especially critical for managed security service providers (MSSP) in the weeks ahead. Many organizations will be looking to drive down their IT costs as much as possible to mitigate the impact of the economic downturn caused by the efforts to combat the COVID-19 pandemic.
Many of those organizations will naturally look toward managed services as a means to specifically drive down their cybersecurity costs. While that’s good news for MSSPs, there’s going to be a lot of pressure on MSSPs to cut pricing. MSSPs will need to carefully balance their costs against what customers are willing to pay.
Far too often, customers are only willing to pay the lowest price they’ve been quoted without regard to service. If the average cost of preventing a specific type of cybersecurity attacks was in the hundreds of thousands of dollars, savvy MSSPs will remind customers that now may not be the best time to bet everything on a service provider that may be promising a lot more than they can actually deliver.
Cyberthreats remain prevalent
The volume and sophistication of cybersecurity attacks is only going to continue to increase. The need for real cyber expertise never goes away. The only thing that changes is the number of organizations that can really afford it at any given time.
Naturally, MSSPs will need be flexible when it comes to pricing. There’s always room to negotiate. That flexibility can come in the form of more flexible payment terms and additional services that are layered into the terms of the contract for a specific period of time. However, MSSPs will need to hold the line on pricing no matter how tempting it might be to panic. After all, MSSPs are facing the same economic pressures as any other.
The real question is how long the current economic crisis will endure. Governments around the world are making trillions of dollars in funding to keep businesses afloat, and by extension, people employed. No one knows for sure but for now MSSPs should assume that signs of a recovery may come before the end of the year.
If that’s the case, then the issue at hand is how best to support customers in the short term without sacrificing the overall health of the business. No doubt, vendors and distributors will play a significant role in helping to balance that equation. In the meantime, MSSPs should do everything in their power to help customers short of becoming yet another casualty of the downturn itself.
Photo: Brian A Jackson / Shutterstock
