MSP Cybersecurity Responsibilities: Real Concerns or Hype?


No business owner needs more stressors today. Pressure continues to stem from concerns about changing economic conditions and the lack of available workers amid rapidly rising spending. For MSPs, this pressure is constant and, in many cases, continues to escalate with new business threats, financial limitations, tightening credit markets and ever-increasing cybercrime. As the saying goes, “there is no rest for the weary”.

In addition to the known risks associated with ransomware, phishing attacks, and a thriving hacker community, MSPs and other IT services companies are under tremendous pressure to eliminate threats. Providers may feel that their livelihood depends on 100% success. The stress is real, whether it’s securing their customers’ IT assets or protecting the proverbial “keys to the kingdom”, otherwise known as access to their collective technology ecosystem.

What could happen to their business or their customers if a hacker gets lucky or a cybercriminal tricks an end user into making a mistake and launching a ransomware attack? What financial or reputational damage would one of these incidents inflict on an MSP? These are reasonable concerns for any IT services business owner today.

The risks are real

With all the ambiguity and inflated commentary surrounding cyberattacks, it’s easy to see why so many business owners and decision-makers worry about threats. Understanding the motivations of cybercriminals and the tools they typically deploy to gain access to corporate systems and data will take away some of the mystery. However, rapidly evolving tactics, ransomware, and other attack mechanisms are making it harder for anyone to maintain 100% effective defenses.

These reasons explain why the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and several other global organizations have issued an advisory for MSPs and their customers on securing sensitive data. Recommendations listed in this advisory include implementing mitigation resources, enabling monitoring and logging solutions, and applying endpoint detection and network defense applications.

The reasoning behind this warning is sound. According to a recent report by N-able, 90% of MSPs have been the target of successful cyberattacks in the last 18 months. More importantly, nearly half of these businesses experienced financial loss (46%) and business disruption (45%) as a result of an attack. The negative carry-over effect on customers can be just as substantial, or even worse, given the propensity of tech-naïve end-users to take security shortcuts. Based on all of these threat vectors, the growing concerns of agencies in the global law enforcement community are more than appropriate.

Minimize MSP risks

Although risks are seemingly everywhere, MSPs have the power to reduce liabilities for themselves and their customers. IT service professionals can strengthen their collective defenses with the latest technologies and policies and through consultation with legal experts and cyber insurance. Working collaboratively with a variety of cybersecurity-focused specialists can limit MSPs’ potential financial exposure in the event of an attack and expand their remediation and recovery resources.

IT services-focused lawyers and cyber insurance experts defend the best interests of their partners and clients to prevent serious events from escalating. Consulting qualified individuals to minimize MSP and SME liability reduces stress and potential headaches for the collective community. Customers will be better protected, and IT service providers will know someone has their back if cybercriminals manage to get through their defenses, with access to information and proactive advice to reduce the likelihood of these occurrences.

With increasing liability issues, MSPs need lawyers experienced in developing, evaluating, and improving service contracts and master agreements. Understanding of general IT department business policies and processes is essential. A qualified cyber lawyer will identify and resolve potential liability issues and limit the financial and legal exposure of MSPs and the organizations they support.

Equally important are cyber insurance professionals. Regardless of the threat landscape, they can help MSPs guide their clients through the maze of regulatory compliance requirements and identify the critical vulnerabilities they need to fix to be insurable. These collaborative opportunities can help bolster their collective defenses and minimize liability when cybercriminals succeed.

Focus on shields

MSPs must constantly assess and address potential liabilities associated with providing IT services. Since they essentially hold the “keys to the kingdom” through their access to multiple networks and the data of dozens of customers, providers are now directly in the crosshairs of cybercriminals. The escalation of attacks against SMBs is concerning, especially as the complexity and intensity of ransomware and phishing attacks continue to grow.

The cost of failure is too great to ignore. Securing every system, performing regular backups and locking down all important data is essential for MSPs and the organizations they support – no shortcuts or skimping on expenses. The only sure way to minimize cybersecurity liability is to invest in effective tools, policies and partnerships.

This last point is an important piece of the puzzle. No matter how competent an MSP is, without the support of legal and insurance experts who understand the cybersecurity risks within the IT services community, it will be much more difficult to minimize liability. This additional exposure should be a real concern for IT services companies. If cybercriminals gain access to customer networks and data through an MSP's systems, the provider can expect other customers and prospects to scrutinize its security and business practices.

From a public and legal point of view, this exposure can have a catastrophic effect. Cybersecurity is a real responsibility, and MSPs need to ensure that they provide quality (industry standard) protection to every customer and adopt the same best practices in their own organizations. By leveraging effective tools, policies, and partnerships, IT services companies can limit their liabilities and provide the best protection for the businesses they support.

