It doesn’t appear that cybersecurity is exempt from a wave of cutbacks that have been made by organizations around the globe, but if there is one bright spot from a managed services perspective, it is that more organizations are relying on external service providers.
A survey of 100 cybersecurity professionals in the U.S. conducted by CensusWide on behalf of HackerOne, a provider of a platform contracting ethical hackers, finds 39 percent of organizations have made security headcount cuts in the last 12 months, with 40 percent planning to make cuts in the next 12 months. A similar number (34 percent) have also cut their security budgets, with a quarter planning to make cuts to their cybersecurity budgets in the next 12 months, the survey finds.
Most organizations are experiencing the cybersecurity of a Hobbes dilemma. They are clearly more afraid than ever of the potential disastrous impact of a cybersecurity attack, but they lack the resources to make a viable defense. Managed security services provide a middle ground alternative that allows them to bolster their defenses while reducing their total cost. At the core of the approach is the simple fact that the cost of cybersecurity labor is assumed by the managed services provider.
Increased demand for XDR
MSPs, of course, are allocating those costs across multiple customers. However, the expectations of customers are increasing to the point where they expect the MSP to provide a wide range of services for a lower price point.
Historically, most MSPs were focused on providing a monitoring service that provided alerts. However, most of those alerts lacked the context that would make them actionable. Now, MSPs are being asked to deliver extended detection & response (XDR) services to their customers that secure the entire attack surface from endpoints connected to the network, to cloud computing platforms hosting applications.
Obviously, it’s a lot more expensive to deliver those services, so savvy MSPs are looking to partner with vendors that provide a complete set of comprehensive cybersecurity services. Rather than having to integrate all the individual point products required to deliver a complete cybersecurity platform, it’s become clear that reselling a customized set of existing XDR services makes more economic sense.
The times are changing for managed security services
Longer term, it’s also evident that artificial intelligence (AI) capabilities that will be required for managed service providers to remain relevant, can’t be provided by an MSP that collects data across a narrow base of customers. Training an AI model to accurately surface cybersecurity recommendations will require data from thousands of customers. Very few MSPs have a customer base that is broad enough to capture that amount of data.
Ultimately, as demand for managed security services increases, the cost of delivering those services is declining. Each MSP will have to navigate what, from a margin perspective, is the right price is for delivering a unified set of cybersecurity services. However, as it becomes simpler to resell managed security services, the number of rivals identifying themselves as MSPs will naturally increase. That may not always sit well with MSPs that have invested heavily in building their own platforms to deliver those services but, like it or not, the times are, as noted by Bob Dylan, changing one more time.
Photo: FotoCor78 / Shutterstock