Incident response plans are one of the most fundamental cybersecurity disciplines, determining how well an organization is able to respond to a cyber attack. And surprisingly, most customers of managed service providers (MSPs) lack such plans.
That was one of the key findings of a Kaseya survey of more than 1,200 MSPs in 40 countries that was released today.
The survey, which examined key trends in the MSP market, found that despite the growing threat of cyber attacks, only 4% of MSPs reported that all of their clients have an active incident response plan. About half of the respondents reported that only a quarter of their clients have an active incident response plan, and 8% of MSPs stating that none of their clients had an incident response plan in place.
The survey suggests that incident response remains one of the biggest opportunities for MSPs.
Cybersecurity ‘Top of Mind’
After a year in which even Kaseya itself was hacked, the survey found that “Cybersecurity remains top of mind. MSPs are feeling increasingly concerned about the cybersecurity landscape.”
Half of MSPs see their businesses as more at risk to cybercrime, an 11% increase from a year ago. There’s good reason for that, as almost half of the MSPs reported that “a significant portion” of their clients fell victim to a cyberattack within the last year.
Opportunity follows peril, however, and half of MSPs said they evaluate the threat landscape quarterly to add new service offerings for their organizations. More than 95% of respondents said clients turned to them for advice on cybersecurity plans and best practices in the last year.
Compliance, Disaster Recovery Rank High
High-profile cyber attacks and data privacy issues have also caught the interest of government regulators.
Nearly 75% of the MSPs said their customers struggle to meet regulatory compliance requirements. Not surprisingly, 74% of MSPs said they currently provide or are gearing up to provide compliance services to their customers.
The compliance laws and regulations most affecting MSP customers are:
- HIPAA (59%)
- PCI DSS (41%)
- GDPR (27%)
Disaster recovery remains directly tied to security and compliance, particularly amid growing threats like ransomware and data-destroying “wiper” malware.
To that end, most MSPs are testing their disaster recovery capabilities, but the frequency varies. The survey found that 30% of MSPs simulate disaster recovery capabilities quarterly, 25% test annually and 9% test monthly, while 15% admit that they never test.
Remote Work Creates Opportunity and Challenges
More than half of the MSPs said the pandemic enabled them to expand services within their client base, while 62% said it led to an increase in their overall monthly recurring revenue (MRR). Nearly half of the MSP respondents reported monthly recurring revenue growth above 10% because of these factors.
“Remote and hybrid workplaces appear to be here to stay,” the survey said. “The ongoing challenges this brings to businesses presents opportunities for MSPs.”
According to the MSPs surveyed, the three most requested technologies from clients are remote workforce setup (22%), cloud migration (21%) and business continuity (13%).
MSPs, meanwhile, report that the biggest IT challenges they face are security, business continuity and disaster recovery, and managing remote workers.
The pandemic has also meant supply chain and hiring challenges, which have also affected MSPs. A whopping 92% of MSPs said supply chain issues have affected their ability to sell solutions, and 19% said hiring will be their primary challenge in 2022 – a 15% jump from a year ago.
Efficiency, M&A Round Out Concerns
Given all the challenges, MSPs rank efficiency high on their wish lists, with 96% saying that integrating core applications like RMM, PSA and IT documentation is important to their business, and 78% saying it drives profitability.
“MSPs looking to acquire new clients will find that seamless integration between tools allows them to optimize business processes, boost productivity and deliver better customer service,” said Kaseya, a provider of ITSM and other MSP-targeted solutions.
Mergers and acquisitions are an ever-present part of the channel, and Kaseya found plenty of activity there too – nearly 36% plan to sell or acquire within the next 24 to 36 months.