7 Data Points that Show the Massive Managed Security Opportunity

Security Operations Center

Big data. Predictive analytics. Cognitive computing. IoT. These are all examples of opportunities created by next-gen technology, but which took a good bit of time – in some cases, years – for channel partners to really figure out how to monetize and incorporate into their service offerings.

While basic managed security services like remote firewalls, patching and antivirus protection aren’t new to the channel, they’ve historically been included in a typical managed service provider’s (MSP) offerings. Over the last couple of years, however, drastically reduced costs associated with enterprise-grade security offerings combined with a significant uptick in cyberattacks in the SMB space have turned managed security from an add-on into big business.

We sat down with Jason Graf, director of managed security services at MSSP Sword and Shield; Mike LaPeters, VP of global channel sales at security solution provider AlienVault; and Mark Dallmeier, CMO/CSO of IT security consultancy Terra Verde to get their take on the cold, hard financial facts that point to managed security being the Next Big Thing in the channel

Click through the gallery below to see the data and to read our experts’ take on the statistics.

Governance and Compliance

The governance, risk and compliance (GRC) global market will reach $38 billion by 2021.

The growth will be driven mostly by mandated cybersecurity requirements, either from regulatory agencies or customers. Because of the high cost of breaches, financial institutions are beginning to make information security a condition for loans and lines of credit, as well. SMBs that don’t bite the bullet to invest in heightened security solutions now will face a heavy price to pay later.

“A lot of those end customers don’t have seven figures to write a check and light up their own cybersecurity operations center or to recruit, retain, train and develop a niche – or focused – cybersecurity or risk and compliance team. A lot of organizations are looking for third-party companies to build, manage and operate those teams or environments for them off payroll.”

— Mark Dallmeier


The cybersecurity battle is moving from data protection to detection and response.

By now it's clear that with enough determination and/or luck, bad actors are going to breach your system one way or another. MSSPs today realize their defenses have to go beyond preventive measures like firewalls and antivirus. Instead, solutions should focus on detection, response, and remediation. Soon, it's likely that many solutions will heavily integrate predictive capabilities to warn of attacks before they happen.

"The big trend now is managed detection and response in 2018. It’s next-gen antivirus that's really getting a much better capability ... One, it’s on the endpoint, which is generally the target. [Two], it's highly focused on behavioral analysis, not just signature-based analysis."

— Jason Graf

Now Hiring
With a zero percent unemployment rate, security skill sets are scarce.

With each passing day that security threats become more prevalent and advanced while we fail to produce enough talent to keep up, MSSPs' expertise grows more and more valuable. Even if SMBs could afford to build a cybersecurity team in-house, finding the skilled workers to staff it is no easy feat. MSPs unsure of if they lack the required expertise to transition to managed security have a few different options that are less technical but no less important, such as governance and physical security offerings.

"Look at changes in the regulatory compliance side of the market. It doesn’t matter what regulation we’re talking about, you’re starting to see more physical security ... being integrated or added to regulatory company requirements. We don’t think [the skills gap is] something that’s insurmountable. We know there’s a significant shortage in the industry from a talent and expertise perspective. While that might be an inhibitor to growth, it won’t prevent [a service provider] from entering the [managed security] market."

— Mark Dallmeier 

IoT Everywhere
Few companies are taking IoT risks seriously. 

In a recent PricewaterhouseCoopers survey, only 34 percent of respondents said their organizations plan to assess Internet of things (IoT) security risks across the business ecosystem. This lack of forethought leaves businesses wide open to cyberattackers. While some SMBs still might not directly touch IoT, it's highly likely at least some of their data is collected through connected devices and applications. While enterprises have been crafting cyberdefenses for IoT for years, many small to midsize companies kick that can down the road.

"We talk about 2020 as the end game for IoT, where everything is connected. But we’re kind of already there. Like the saying goes, there [are] only 1,000 companies in the Fortune 1000, but there are millions of little companies that are now the target of cybercriminals. It’s organized crime, and service providers are crushing it right now."

— Mike LaPeters
Financial Growth
The projected growth of the managed security services market is jaw-dropping.

Experts say that managed security services will be a $40 billion space by 2022. As small businesses and the midmarket face the ugly fact that they need cybersecurity solutions they can't afford to build or manage themselves, MSSPs will be on hand to swoop in and save the day. There is a giant, untapped market of customers begging for cybersecurity help, which makes it even more attractive.

"The timing is right. Customers are dying for these services."

— Mike LaPeters
Road Ahead
SMBs know it's time for advanced solutions.

A full 80 percent of SMB owners recognize that basic antivirus, anti-malware and firewall solutions just aren't going to cut it in today’s cybersecurity landscape. While they know they need "more," most don't have any idea of what that entails. These businesses are turning to MSSPs to help them align security solutions with business objectives.

"They’re all trying to accomplish as much as they can with the least amount of financial investment. There is a definite fear of the unknown ... they get online and read article about a business being exploited. They don’t want to be there, but they understand it’s a significant investment to prevent it. They have to evaluate the balance."

— Jason Graf
Out of Business

SMBs are a big target, and the cost of a breach can easily cripple or kill small businesses.

In 2016, more than 60 percent of breach victims were SMBs. Half of SMBs hit with a cyberattack closed up shop within six months of the attack. Small and midsize businesses can no longer afford to pretend their organizations are too insignificant for cybercriminals to bother with. It's likely they'll be hit. When they are, they'd better have the recovery and remediation capabilities to keep it business as usual.

“The conversation has moved from ‘that will never happen to me’ to ‘it happened to my friend or to us already.' They’re telling us they don’t have a clue what they’re doing.”

— Jason Graf

Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 95985