As AI accelerates the pace and sophistication of cyberattacks, managed service providers are rethinking growth strategies that once prioritized customer acquisition above all else.
In this Q&A, CyberSentriq CEO Myles Bray explains why more MSPs are tightening onboarding standards, focusing on higher-quality customer relationships, and viewing portfolio discipline as a competitive advantage rather than a barrier to growth.
- Are you seeing more MSPs begin to reconsider the “get more customers at any cost” model we’ve seen historically?
- What do you think is causing this shift?
- As MSPs rethink their customer strategies, what do you think they need to prioritize?
- Operationally, what do MSPs who focus on quality over quantity need to remain disciplined to stay profitable?
- Consolidation and acquisition remain active throughout the channel. Does this new approach to customers change the market at all?
Are you seeing more MSPs begin to reconsider the “get more customers at any cost” model we’ve seen historically?
Yes, and it’s a significant shift from what we’ve historically seen. The “get more customers at any cost” model is becoming harder to sustain, largely because cyber threats are growing more sophisticated as AI reshapes the landscape on both sides of the fight.
Attackers are using generative AI to launch faster, more convincing, and more scalable attacks, while defenders increasingly rely on AI-driven detection to keep pace. That’s prompting businesses to increase security budgets and lean more heavily on MSP support, and reflects growing awareness of cyber risk.
But it also means MSPs can no longer afford to grow the old way. Defending against yesterday’s threats isn’t enough when the offensive AI landscape evolves daily, and that requires a more selective, higher-control customer base, not a bigger one.
What I’m seeing is more MSPs acknowledging that value is defined by quality and control, not volume. Saying “yes” to every prospect might generate short-term profit, but managing multiple customers with weak controls compounds supply chain risk over time. That risk is magnified when AI-powered attacks can exploit the weakest link in a client roster far faster than before.
The fastest-growing MSPs aren’t necessarily those with the largest customer bases. They’re the ones who have refined their ideal client profile, set clear service boundaries, and are prepared to walk away from customers who pose disproportionate risk. In an AI-driven threat landscape, that discipline is essential to protecting both profitability and the wider client base.
The same principle applies to technology vendors. MSPs gain more value by partnering with a smaller number of strategic vendors that use AI, automation, and shared data to improve security outcomes, simplify operations, and deliver greater value across every client.
What do you think is causing this shift?
When business systems are breached, customers and other stakeholders often look for someone to blame; most of the time, that falls on the MSP, which impacts their reputation and profitability. Furthermore, given the increasing regulatory and cyber insurance pressures in the U.S., it’s no surprise that MSPs are becoming more selective about their client base.
From an operational perspective, onboarding clients with weak security controls raises an MSP’s cost to serve per client. These customers not only increase an MSP’s overall risk profile but also drive higher operational costs through increased alert volumes, manual interventions, and inconsistent workflows.
This not only impacts an MSP’s protection capabilities but also diverts resources from existing customers, as teams are forced to concentrate their efforts on lower-maturity accounts.
As MSPs rethink their customer strategies, what do you think they need to prioritize?
Profitability and scalability are essential for all MSPs, but they should never come at the expense of operational consistency. MSPs should start by establishing clear non-negotiables when onboarding new customers: core access controls, patching, and multi-factor authentication, using this as a framework for both onboarding and ongoing service delivery.
The next step is to measure customers not just by budget or contract size, but by how well their operating model aligns with the MSP’s own. Cybersecurity is a collaborative, ongoing discipline, so if a customer’s procedures don’t fit an MSP’s framework, or their security posture fails to improve despite proper guidance, that’s a clear signal to walk away.
This matters more than ever because the AI era is reshaping the threat landscape for MSPs and their SMB customers alike.
We already manage significant data volumes on behalf of our customers today, using AI models to identify and prevent threats in real time, and we’re continuing to invest further in AI-based solutions to keep pace with this evolving risk. CyberSentriq brings cybersecurity, backup, recovery, and operational resilience together in a single integrated platform, giving partners a more efficient way to manage these critical services while delivering stronger protection.
Finally, MSPs should actively prioritize customers who see cybersecurity as a shared responsibility and are willing to collaborate on continuous improvement, rather than acting as passive recipients of IT services.
Operationally, what do MSPs who focus on quality over quantity need to remain disciplined to stay profitable?
While maintaining a strong customer portfolio is essential for MSPs to scale, providers should also recognize that cyber resilience is not static. Customer risk changes continuously, so resilience must be managed through ongoing assessment rather than a one-time evaluation.
As a result, offboarding high-risk customers will increasingly become a defining characteristic of top-performing MSPs.
The most successful MSPs will clearly define their security non-negotiables and refuse to compromise them, even for high-revenue, high-risk customers. By maintaining these boundaries, they reduce systemic risk across their client base and prevent a single customer from consuming disproportionate operational resources or weakening the security of the wider portfolio.
The same discipline should extend to technology partnerships. Rather than managing a large ecosystem of disconnected tools, leading MSPs are consolidating around a smaller number of strategic vendors that leverage shared data, AI, and automation.
This not only simplifies operations and reduces management overhead but also delivers stronger security outcomes and greater value across every customer they support.
Consolidation and acquisition remain active throughout the channel. Does this new approach to customers change the market at all?
Historically, channel consolidation has been a numbers game driven by contract values, customer portfolio size, and revenues. However, a “quantity over quality” approach is increasingly a red flag for buyers.
If an MSP’s customer base is filled with low-maturity customers, an acquirer isn’t just buying growth; they are inheriting major risk and liabilities. Portfolios like these actively devalue MSPs, severely limiting their ability to merge or partner with top-performing providers.
In contrast, highly disciplined MSPs that have enforced strict security baselines and portfolio hygiene are becoming the most valuable targets because their standardized, low-risk environments ensure predictable margins and seamless post-merger integration.





