In August, ConnectWise released its annual State of SMB IT Cybersecurity report. One of its more notable findings is that small and medium businesses (SMBs) have reached a cybersecurity “tipping point”. In other words, SMBs no longer think of IT cybersecurity as a secondary concern. 

Instead, they acknowledge that the threat landscape is growing, so they must improve their cybersecurity defenses. They have begun to realize that proper security is the only way to avoid the potentially devastating consequences of a cyberattack.

Today, a growing number of companies are increasing their IT cybersecurity investments. Given that they often don’t have in-house security talent, many are also partnering with Managed Service Providers (MSPs) to shore up their defenses and stay ahead of sophisticated threat actors.

Unfortunately, many SMBs don’t get the help they need from their MSP partners, leading to frustration. But more importantly, an unskilled or sub-par MSP actually increases a business’s risk of serious attacks.  


Key Findings from the State of SMB IT Cybersecurity Report

In 2021, over 76% of SMBs were impacted by at least one IT cybersecurity attack. This is a huge jump over the 55% who said the same in 2020. Consequently, 73% of them agree they need to protect themselves and 43% identify “protecting against cybersecurity” as one of their top three priorities.

These facts are not surprising, considering the growing “culture of fear” in many SMBs: 75% are worried their remote devices or employees may be breached, 74% are concerned about the breach of customer data, and over two in three (69%) are concerned that a serious attack could put them out of business.

To prevent such worries from coming true, 78% SMBs plan to invest more in cybersecurity over the next 12 months. For about 1/3 of them, board-level pressure is the major driving factor behind this decision, while for others, increased investments are the result of acknowledging that the threat landscape is growing larger and the consequences of an attack more severe. 

Why SMBs are Turning to (and Turning Away from) MSPs

The report clearly shows that SMBs are not clueless about cybersecurity, in fact, 53% have implemented at least foundational security protections like firewalls and antivirus. Another 85% have implemented either advanced network or endpoint protection and 43% do incident response planning. And to cover their losses if an attack should occur, about 30% have also purchased some form of cyber insurance.

But despite these protections, two in three SMBs (67%) lack in-house expertise to defend themselves against threats or deal with emerging security issues. In fact, the increasing risk of ransomware, phishing, and DDoS attacks are encouraging SMBs to turn to MSPs to manage cybersecurity.

According to the report, 89% were already employing an MSP in 2021, up from 74% in 2020. However, 88% of them are facing or expect to face at least one MSP-related challenge. As a result, 42% are planning to change to a different MSP in future.

Almost all SMBs (94%) would consider using a new MSP if they offered the “right” cybersecurity solution. Over a third (39%) are even willing to pay the new MSP 39% more each year. Together, these SMB challenges – both cybersecurity- and MSP-related – create opportunities for MSPs who can provide the right solution to SMBs.

A Challenge for SMBs, An Opportunity for MSPs

MSPs who help companies to strengthen their IT cybersecurity infrastructures through a combination of tools and services are in higher demand than ever.

But the report found that a majority of surveyed SMBs did not have strong cybersecurity in place. This presents an opportunity for MSPs to showcase their value with risk assessment support, IT cybersecurity implementation, and education. MSPs should also act as a consultant and advise clients on selecting the right cyber insurance policy for their needs.

Other areas the companies can leverage the expertise of MSPs include:

  • Protection against the breach of customer data
  • Protection against IT downtime
  • Cloud security

In all these areas, MSPs can provide the support and guidance SMBs need to build resilient IT environments and keep bad actors out of their systems and data.


From the ConnectWise report, it’s clear that MSPs will play a huge role in IT cybersecurity in the coming years. But the report also highlights the fact that businesses are not getting what they need.

For too long, MSPs have gotten away with providing sub-par service, unnecessary services, and have locked customers into long term contracts that limit the ability for businesses to adjust according to their needs.

As more businesses begin to leverage MSPs or switch from existing providers they will need to understand the features, licensing, and levels of additional service required to properly secure their organization.

GCS has been providing MSP and IT support services for more than 20 years and we pride ourselves on providing EXACTLY what our customers need. We always work from pre-determined pricing, but our agreement is mutually “at will”. In other words, GCS does not require a long-term agreement.

Contact us and let one of our security experts put together an affordable package that addresses all of your businesses needs and protects you from the daily threat of a cyber attack.




Pin It on Pinterest