More than a third of end user organisations responding to CRN’s second annual State of the MSP survey said security was the main service they looked for in an MSP.

In 2023, the range of cybersecurity demand drivers continues to grow to encompass everything from critical infrastructure changes to proposed new privacy laws and penalties, AI and even Web 3 technologies. 

In this article and video, we provide a snapshot of the state of managed security in 2023.

Growth areas

We asked Gartner Senior Director Analyst Jon Dressel for a snapshot of which cybersecurity services stood out in terms of growth.

“Gartner's estimated that the Australian security market in 2022 is about $5.8 billion dollars and it's got an overall year over year growth of 11 percent, which actually exceeds the global market slightly, which is great for Australia and their MSSPs,” he said.

Certain services that are driving much higher growth including managed detection response and Secure Access Service Edge, Dressel said. 

“Those are areas where, you know, MSPs are really interfacing with cybersecurity vendors, um, to bring – if they don't have that in their portfolio – to bring that to their portfolio.”

“Another piece is they're really looking to make that more of a platform offering than individual services, as they can put a service wrapper around those, even if they're disparate vendors. That is becoming more the norm, than it once was,” Dressel explained.

Larger managed security service providers are also expanding their portfolios to include multiple vendors for a particular service, he noted. “For instance, SASE, they may have five or six vendors that they actually have as choices for the customer. That is intended to be able to address the multiple use cases that would come about.”

Tempering sales focus
While customers are concerned about breaches and legislative change, MSPs are being urged not to see this as an invitation to force new technology on clients. 

Here's Sekuro’s Tony Campbell: “It's a definite driver for business opportunity, but we just have to be a little bit careful in tempering that… changing legislation and changing rules always create uncertainty within the market. And as such, some of those companies are coming to us with questions about what does this really mean for us?” Campbell said.

“What we do is sit down and look at where they're sitting in terms of their current position against maybe their peers, other industries, understanding where [they are] is on what we call our resiliency matrix, which is the way we define the market position from a security point of view that any business is in during its development. Then we can look at to see what are really appropriate for it.” 

“So even a critical infrastructure company that maybe doesn't have, ISO 27001 standard, maybe it doesn't have a SOC, could still be doing a lot of the right things and could be protected. So we need to understand that and uncover it before we start jumping in and trying to force the standard on them or force new technology on them.”

Opportunities are also emerging for cybersecurity partners to help people on the business side of customer organisations to manage risk. For example, some risk advisory firms are looking for partners to provide technical delivery. Tools are also evolving that can help partners manage cyber risk through a business lens.

Going deeper

MSPs need to do more than just help their clients respond to the latest noise in the market. Part of Campbell's job is to identify the next set of opportunities.

“We've seen that things like ChatGPT and other generator AI type, services out there, they're producing, indistinguishable from human art, indistinguishable from human poetry and stories. So there's going to be a lot of issues around potential fraud coming out,” he said.

Campbell has also seen some change in what customers are asking for in regards to incident response.

“SOC customers have been coming to market for the last 10 years with pretty much the same set of requirements: ‘We need you to collect lots of events, we need you to analyse those events for possible attack patterns and then tell us when something's happening and then we'll go and do the incident response’,” Campbell noted.

“We're starting to see that change a little bit, where they're coming and saying, ‘We also need you to do the incident response, we need you to come and access our systems and go a little bit deeper than you would've done before.’” 

Campbell talked up Sekuro’s focus proactivity, “so we're not waiting for those signature-style attacks that we can detect using the old model of content development inside the SOC, rather, we're looking at the behavioural analysis using things like AI and ML across the information set that we're monitoring so that we're able to see patterns as the at the earliest possible stage of any attack cycle and get in and actually shut that down before we would even have normally detected it.”

Startups at risk

The digital boom has also created new categories of security customers for MSPs as DVULN’s Jamieson O'Reilly discovered first in Web 3 and more recently in the wider equity funded software markets.

High growth software-focussed startups are a growing area, O’Reilly said. “They're definitely learning that as you are coming into the market with a software offering, you’re easy picking for hackers and criminals alike because you've got large amounts of software throwing it onto the internet but you don't have the maturity or experience necessarily to actually protect that.”

“So that creates this really good target for hackers where you've got people with lots of money, because they've just gone through investment and lots of software that's connected to the internet, but not so much experience on how to actually protect that specific software,” O’Reilly said.

O’Reilly commented on the availability of AI to create thousands of startups, “all leveraging technology that they don't really understand, nor do we – I don't think anyone fully understands it yet and it's potential. But what I saw is, anytime you introduce a novel technology, there's going to be people who, use it for good and for bad, and there's going to be people who probably know more than you about the technology that you're using.”

It was in Web 3 where O'Reilly says he became aware of the opportunity from a security business perspective.

“There were big startups that were investing hundreds of millions of dollars into blockchain technology, but then there could be an apartment full of people somewhere in another country in the world who lived and breathed blockchain for years before it ever became into the startup ecosystem, who were able to just go and wave their hands and basically just pull these companies apart,” he said.

“I think it was really probably the blockchain boom when I saw the amount of money being thrown at startups with no real consideration on security... This is just going to keep happening with every new technology boom. And it's definitely already happening with AI and still with blockchain. 

“The same thing that happened early with blockchain happened again with the whole NFT craze – companies investing tens or hundreds of millions of dollars into these platforms to trade NFTs and they just weren't prepared for the attacks. So, I see there's opportunity there.”