Digital Newsletter
Each week our editor Phil Alsop rounds up the most popular articles, videos and expert opinions. We compile this into a Digital Newsletter and send it straight to your inbox every week.
Digital Magazines
We'll let you know each time a new edition of Digitalisation World is released so that you're always kept up-to-date with the latest and greatest news and press releases.
Video Magazines
The Digitalisation World Video magazine contains the latest Zoom interviews with experts in the industry.
The global managed security services market is booming. By one estimate, it’s set to grow at a CAGR of more than 15% over the coming years to reach nearly $88bn (£66bn) by 20230. For end customers, investing in an MSSP is increasingly a no brainer, driven by cost, threat actor and skills pressures. For traditional managed service providers (MSPs), this is a huge opportunity.
But transitioning to become a fully fledged MSSP, or adding security to an existing portfolio of services, isn’t without its risks. To get there, MSPs will need to choose their vendor partners carefully.
Why MSSP, and why now?
Trend Micro blocked 147 billion threats globally in 2024. That hints at the scale of the challenge facing UK organisations. In fact, government figures reveal that 43% of UK businesses suffered a breach last year, rising even higher for medium (70%) and large (75%) firms. As AI lowers the barriers to entry for opportunistic threat actors, boards are starting to appreciate the mounting impact on business risk. Yet a growing security workforce gap, which has reached 392,000 in Europe, and macroeconomic headwinds mean few have the resources to spend big on staff or security technology.
That makes managed security services an increasingly attractive option. That’s especially true for businesses struggling to manage a growing number of compliance mandates, from DORA and NIS2 to the forthcoming UK Cyber Security and Resilience Bill. As their digital footprint grows, as it must, so does their attack surface and the potential impact of a security breach. Insurers are also demanding investments in services like managed detection and response (MDR) in order to qualify for coverage or lower premiums.
All of which should be music to the ears of ambitious MSPs. Those prepared to evolve into an MSSP could benefit from increased margins, new revenue streams, competitive differentiation, and increased customer loyalty. But if it were that simple, every MSP would be doing it. The truth is that many providers are also struggling with skills shortages, and economic and business uncertainty that tends to stymie major transformation initiatives. They’re also keenly aware that this is already a highly competitive space where reputation is hard won and easily lost. This is where choosing the right vendor becomes critical.
The platform play
MSPs should do their due diligence carefully. The market is full of vendors all touting silver bullet, AI-powered solutions to everything from GDPR compliance to employee fraud. Peer reviews and independent assessments by analyst houses are a good way to whittle these down. The right vendor will also have well-regarded enablement, training and go-to-market programmes to help MSPs close skills gaps and resource shortages.
Even more important are platform-based offerings which centralise multiple capabilities in a single, multi-tenancy solution. This reduces complexity and administrative overheads for the MSSP/MSP, while keeping end-customer data secure and isolated and supporting more seamless, cost-effective scaling. Look for vendors that offer a broad range of threat prevention, protection, detection and response capabilities across multiple layers of the IT environment. This means threats can be more effectively correlated from different parts of the platform for improved insight and response.
A strong vendor focus on automation and AI can also help to take more of the pressure off the partner’s in-house team, streamline workflows and reduce alert overload. Generative AI assistants are particularly useful in helping to act as security operations “copilots”. Better still, find a vendor offering MDR services, where their expert team does most of the heavy lifting.
Embracing the change
So how can ambitious MSPs embrace these trends and evolve their services? This first step must be assessing their current offerings and skill sets and identifying any gaps in capability. They will need to build a business case for any transition, focusing efforts on a clearly defined target market for maximum impact. Then it’s time to do that vendor due diligence. Investment in technology and skills are unavoidable, but they don’t have to be prohibitive
Some channel programs in Europe are already embracing the shifting landscape. For example, one global cybersecurity vendor recently overhauled its partner program to reflect the new reality, removing the distinction between MSP and MSSP and replacing it with a unified programme.
Time to grow
The nature of cyber risk is changing. UK businesses are no longer satisfied with one-off fixes and reactive cybersecurity. They want continuous risk management and monitoring. They want to understand their threat exposure in real time, and they need partners who can help them interpret that information and continuously remediate any issues to build resilience. MSPs that can deliver on these requirements will be well placed to differentiate themselves.
They could also be on a fast-track to growth. Canalys estimates annual channel revenue growth was just 5% in 2024, while that for managed security services hit 15%. Those are figures no MSP can ignore.
