SMB leaders are far more aware of the rapidly evolving cyber threats they face and the opportunity for resellers and MSPs to help them sleep at night is growing by the day. Therefore last month’s Comms Dealer Channel Forecast session aimed to clarify the current state of the UK SMB security space, and the success factors that enable resellers to take advantage of this fast expanding market.
It’s time for resellers and MSPs to zero in on one of the most pressing challenges facing SMBs – security – and drive revenue growth from cyber threat trends. “Every company in the UK is a potential cybersecurity customer because everyone is at risk,” said Demi Clinch, Sales Director, Cyber Sentry (in Partnership with Onecom Partners). “Your target list is limitless, and the customer lifetime and value are uniquely high.”
Our experts agreed that not having a cybersecurity play is no longer an option and they urged resellers to act accordingly. Ryan Martin, Head of Indirect at ANS, warned: “Those that delay action risk losing relevance in the market and trust within their customer base.”
Fortunately, resellers now have more routes of entry than ever before and aren’t forced to make a heavy investment. Martin added: “MSPs have three options: They can either build their own cybersecurity practice, which carries cost but enables autonomy; they can buy an existing practice through acquisition, which involves some risk around integration; or they can look at partnering with somebody who already provides the service.”
He also noted that ANS has seen significant success in co-selling and co-managing services by augmenting a reseller’s cloud practice with its own cybersecurity offering. “We see a lot more cooperation in the channel between people who are competitors on paper, but both have offerings within their technology stack that the other can benefit from when it comes to serving individual customers,” he added. “There’s a lot of that around security due to the complexity of it.
“If there are people out there already highly credible and highly certified delivering a great service, then it makes absolute sense to partner with them. Ultimately, that’s going to give you a great product and service for your customer and build your own credibility in turn.”
Jason Fry, CTO at Global4, also affirmed the advantages of cooperation as a way to bypass complexity. He said: “If you build everything yourself you must decide which technologies to choose and which vendors to engage. There is significant overlap between offerings so getting the right mix and then educating sales teams on how to position that to customers is a big undertaking.”
Hybrid approach
He noted that Global4 has taken a hybrid approach, building up an internal SecOps team responsible for triaging and monitoring, but has also filled in gaps through partnerships with vendors and other MSPs. “For example, it would have been too difficult and costly to build our own SOC,” he said. “So, the collaborative approach is the way forward. Find the right partner that will fit into your overall service offering, make those relationships transparent to customers and show them the strengths and benefits.”
Talking to others in the channel who are further along their journey should be an immediate priority for any reseller yet to kickstart their own cybersecurity play, agreed Clinch. “Getting into cybersecurity doesn’t need to be a big, scary task,” she said. “Go out and find people who have the tools and the knowledge to support you. Adding cybersecurity to your portfolio gives you the opportunity to bring something new to customers and show them that you’re driving forward and advancing as a strategic partner. You can significantly increase your revenue by taking customers on this journey with you.”
She highlighted some of the simple wins MSPs can secure immediately, through low-touch and easily consumable solutions. “One element that stands out for me is a dark web monitoring solution,” added Clinch. “This can be deployed across a base in a few clicks and you see that instant boost to your margins. The average retention rate on an opt-out model in dark web monitoring is around 70 to 80 per cent and you can quickly see how this impacts your bottom line.”
Our experts agreed that the opportunity for margin is most relevant within the SME market where the rate of change is highest and education around cyber threats is the lowest. Clinch noted: “Enterprises used to be the greatest target but cyber criminals know that smaller businesses may not be as well protected and are sweeping through the SME space like wildfire."
She added that incoming legislation set to ban public sector organisations from paying ransom may increase the focus on SMEs. To combat this, 80 per cent of SMBs intend to increase their cybersecurity spending in the next year, according to a 2024 Microsoft survey cited by Martin. “There is a growing market there for MSPs,” he added.
Fry noted that the threat landscape is evolving due to SMEs increasingly adopting SaaS-based products and cloud services, not fully alert to the fact that their data and IP are leaving their building. “Threat actors are preying on the new volume of attack vectors, as opposed to just one route through a firewall,” he said. “They’re also able to compromise just a single piece of data rather than an entire organisation, which is sometimes enough to effectively hold a business to ransom, or exfiltrate some further data.”
Part of the opportunity resides in educating SME customers on where their data is when it doesn’t sit on systems inside their offices. Fry added: “People are uploading information into LLMs or storing it on Google Drives. Before, we used to be worried about USBs and data being leaked physically but now there’s a whole plethora of different technologies and systems that anybody can gain access to. As SMEs don’t have the capability to educate staff to be more vigilant, it’s down to resellers and MSPs to help fill in the understanding around risks and mitigation.”
Risk assessment
The conversation hinges on selling the risk of doing nothing, as opposed to selling solutions. “MSPs can add massive value to their customers by helping them baseline what they have currently and identifying risk,” added Fry. “You can’t walk through the door and say you’ve got to have all these solutions to secure yourself from day one. They may not have the budget, the bandwidth, or the capacity to cope with that level of change and transformation within their business. It’s about mapping out that journey with them.”
Martin agreed: “There has been a temptation with security provision to take some of the off-the-shelf services with a belief that will just fit with what customers need. That’s not the case because there is a great deal more detail than that. You need to understand that what you’re providing is fit for purpose.”
Clinch observed that the most successful approach is seen by resellers who go beyond simply selling tools, to focus instead on delivering something that provides true value and builds trust. She said: “With SMEs, you need to have multi-layer protection and provide multiple services that are tailored for their specific needs and budget.”
She adds that the appetite is high in the SME market for this more consultative approach. “Global cybersecurity players can be quite expensive and what they create is complex, so you need a team of people to be monitoring and managing those solutions. That is why SMEs want to work with MSPs that can provide that full service wrap.”
ANS currently serves 50 enterprise grade customers on its SOC service, and Martin points out that the company takes a much different approach with SMEs. He said: “We do a lot of work around simplifying our enterprise offering down to SMB space. Fundamentally, the core offerings don’t change, they just become tailored for a smaller audience. Part of this is simplifying naming conventions and technologies so customers understand the service they are getting.”
He agrees that the most profitable way to engage in this market is through the provision of managed services. “MSPs are uniquely placed to make the most margin in this space by wrapping all the technology and knowledge into a managed service for customers,” he said. Fry added: “This will set MSPs apart from those organisations just reselling a phishing simulation, or a piece of EDR or antivirus software.”
Martin finished by highlighting future scaling opportunities for those who have started building their cybersecurity journey through AI and automation. “Start small and build out your managed service capability to begin with,” he advised. “When you’re comfortable with managing and supporting your customers look to scale, and look at how you can leverage AI and automation to streamline onboarding and speed up data-driven choices.”