In a recent survey conducted by Cyber Smart, several MSP’s and MSSP’s shed light on factors impacting them and their Client’s cybersecurity posture. The report sheds light on industry professionals’ points of concern and where they are confident in their security posture.

Firstly, AI risk has become the top point of concern for MSP’s and MSSP’s, replacing ransomware and malware as the top point of concern for industry professionals in 2024. AI risk rose from an unranked concern among industry professionals to the top risk of concern in just one year, highlighting the cybersecurity industry’s sentiment towards unrealized AI risks.

Managing AI risk has become a daunting task for MSPs and MSSPs in the last year as more services have started integrating AI into their products; often without explicitly warning their customers before shipping their product with AI augmentation. The industry has growing concerns of information leaking through an LLM, or use of an AI product incidentally violating the Integrity or Availability of their data, as reported in some horror stories of AI implementations destroying invaluable intellectual property.

Interestingly, Exploitation of Unpatched or Undisclosed Vulnerabilities fell from 44% of respondent’s highest concern to 31% of respondent’s highest point of concern despite the same 13% of organizations responding they experienced zero breaches over the last year.

Respondents also highlighted increased scrutiny of their security practices in the last year, with 77% of respondent’s stating they have had slight or significant increases in scrutiny when meeting with new businesses, illustrating the increase of cyber-awareness from prospective Clients.

Finally, respondents were asked what measures would help their businesses achieve ‘Complete Cyber Confidence.’ The top four responses remained the same, though the top answer from MSPs and MSSPs went from Cyber Security Training for Employees to Continuous Monitoring of Systems and Networks, alluding to an increased demand for 24/7 monitoring of critical systems, as 47% of respondents also revealed they had experienced three or more cybersecurity breaches in the last year. In fact, 69% of respondents said they had experienced two or more breaches in the last year.

The increase in the rate at which MSPs and MSSPs are experiencing breaches is alarming. This suggests threat actors are taking advantage of the copious amount of sensitive data being shared between organizations, adding to the pressure mounted against these organizations from Client expectations and increasing regulatory pressures. Continuous monitoring is a difficult and possibly expensive undertaking, but with the increased demands MSPs and MSSPs are facing, it may be mutually beneficial to seek a partnership between the two in the interest of Complete Cyber Confidence both for themselves and for their Clients.  This would allow both organizations to focus more on their primary service offerings while segregating their duties and responsibilities, allowing each to thrive under the ever increasing demands faced in the modern threat landscape.