australia security breach msp customer risk

Channel Insider content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

With the Australian government expected to introduce sweeping reform to cybersecurity laws, organisations are more aware than ever of their exposure to cybercrime. This awareness is leading to significant new opportunities for MSPs; however, MSPs also need to be careful that their customers don’t assume they can take on the risk while providing services.

The scale of the most recent high-profile attack — the Latitude Financial breach — continues to grow and now sits at a minimum of 7.9 million affected customers. This follows in the wake of similarly large breaches at Optus and Medibank last year. The scale of these attacks has driven a significant increase in spending and interest in cybersecurity.

“We’ve seen as much as an 80% increase in cybersecurity spend,” Protectera’s director of enterprise solutions, Gurpreet Singh Jodhka, said. This tracks with a study conducted by Fastly last year that found 78% of businesses in Australia and New Zealand are increasing their investment in cybersecurity.

“The majority of concerns are related to increased attack surface due to cloud adoption and remote working,” Jodhka said. “Customers also now struggle with having too many tools to manage to achieve an appropriate threat coverage, and this is being exacerbated by the skills shortage.”

The Challenge in Managing Customer Expectations

The cybersecurity skills shortage is accelerating: it is expected that Australia will be 30,000 cybersecurity professionals short of what they’ll need within the next four years. With the cost of acquiring skills accelerating in kind, it is unsurprising that businesses — especially smaller businesses and those outside of the technology industry — would be looking to MSPs to plug the gaps.

However, Jodhka said this is raising a new concern that MSPs will need to manage with their customers. “Some customers assume that having an MSP means they outsource the risk to a third party as opposed to outsourcing a job function,” he said. “They need to understand that risk still belongs to them.”

The government, as part of its cybersecurity reforms, is looking for ways that it can be a more proactive partner and resource in combatting cybercrime. In the meantime, however, it is critical that MSPs proactively engage their customers to properly articulate and clarify risk ownership.