The cybersecurity landscape is evolving leaving the channel open to many opportunities. CompTIA’s research identified four areas for cybersecurity focus that companies should focus on: process, policy, people, and products. Cybersecurity Ventures reports that cybercrime caused $6.1 trillion in global financial losses. You can take that. Amazingly, this number is expected grow 15% year-over–year and reach $10.5 trillion in 2025. There are many damages that can be caused by customer distrust, such as ransomware or data recovery.
The impact and numbers are staggering as well as the complexity. CompTIA’s 2022 State of Cybersecurity research study published this month. It examines how cybersecurity is changing in terms of threats and mitigation strategies, skills, technologies, and more. Bottom line: Cybersecurity should be treated as a business imperative, a tech discipline and mindset, and as strategic as the core mission products that make up an organization’s bottom-line.
The Channel’s Opportunities
What does this mean for the channel? There is an opportunity. Many companies need help, given the scale of the cybersecurity challenge. This is especially true for small businesses that lack the expertise and headcount to mount a comprehensive effort across all their organizations. There are many opportunities for channel business, whether you’re selling cybersecurity tools and products or providing ongoing services as a MSP or consultant. Gartner projects that global cybersecurity spending will reach $172.5B by 2022, an increase of $150B from 2021. This figure is expected to rise to $267.3B by 2026.
CompTIA’s research has identified four areas where cybersecurity focus should be emphasized for companies to focus on:
Although the intention is for companies to address each area within their own business operations, it is safe to say that third parties such as MSPs and solution providers can also play an important role at any stage.
The Products Opportunity
The products category is the best opportunity, as it’s where channel firms have historically staked a claim to cybersecurity offerings. Selling antivirus, firewall, business-and-disaster-recovery tools, etc., has long been a part of the repertoire. This category is growing and providers need to add new tools and skills to stay competitive. You can think of expertise in penetration testing, threat analysis and risk analysis, as well as fluency in cybersecurity insurance and compliance issues.
Some are getting it. CompTIA’s Trends in Managed Services-2022 study found that more than 4 out 10 MSPs have hired cybersecurity-skilled personnel in the past year. These skills included expertise in data, endpoint and network security, as well as knowledge in identity management, data analysis and penetration testing, and/or cryptography. Similar percentages of MSPs (41%) looked inward to retrain their workforce to improve their cybersecurity skills. Another 36% paid for their employees to attain cybersecurity-related professional certifications.
MSPs have formed relationships with cybersecurity vendors on the tools and products front. In many cases, they may not have previously worked with them. Vendors in this area often have excellent intelligence into the threat landscape, which is a bonus for MSPs who cite keeping up with the complexity and speediness of cybersecurity attacks as their main challenge.
Channel firms that want to provide more than a basic level of cybersecurity knowledge to customers should focus on expanding their offerings and updating skills. As customers increasingly turn to third parties for their cybersecurity needs, it will be necessary to go beyond the foundational level in the coming year. This is why we see some MSPs looking to transition to full-service Managed Security Services Providers, or to form partnerships with MSSPs to fill their skills gaps.
The People and Process Opportunity
Another area of opportunity for the channel is cybersecurity user education. This is part of the “people”, and “process” categories that we mentioned above. Many of today’s cybersecurity incidents, despite all the talk about cybercriminals and malicious actors, are unintended consequences for otherwise benign employee actions (or lack thereof) – human error. As many IT departments are busy training cybersecurity staff,