Cybersecurity concerns could cause most small businesses to switch managed service providers (MSPs) if a competitor offered stronger protections, according to new research conducted by Vanson Bourne.
Commissioned by Continuum, the study titled Underserved and Unprepared: The State of SMB Cyber Security in 2019 found that out of 850 small businesses with 10-1,000 employees from the United States, the United Kingdom, France, Germany and Belguim, 9 in 10 would hire a new MSP if it had "the right cybersecurity solutions."
"We have seen firsthand that the No. 1 reason MSPs lose business today is over concerns about cybersecurity, and this data now proves it," said Continuum CEO Michael George. "Providers across North America and Europe should heed the clear warning presented by these findings."
MSPs are companies that offer remote IT management, handle network setup and tech support, and procure new hardware. They deal with the upkeep of a client's IT systems and offer an IT solution that doesn't require SMBs to hire their own tech professionals.
Understanding 'good' security
With an increasing number of cyberattacks on the horizon for small businesses, the report says MSPs could do more to educate their clients on the importance of cybersecurity. Many respondents said they were "not fully educated on what 'good' security is." Without this knowledge, companies are more likely to have "lower levels of advanced protection."
"Cyber security is a critical element to all organizations and is potentially too important to remain solely within the organizations, especially bearing in mind the gaps in knowledge within SMBs," the report says. "It's up to MSPs to ensure that organizations know what to expect from them, as well as who assumes responsibility in the event of a cyber security attack."
Businesses seeking MSPs with better cybersecurity
According to the study, 62 percent of respondents said they didn't have any in-house capability to address cybersecurity issues, while 52 percent said they felt "helpless to defend themselves" from newer cyberattacks.
With that in mind, the report states that 84 percent of respondents who do not currently employ an MSP would be more likely to if the MSP offered the "right" cybersecurity solution. Furthermore, 93 percent of respondents said they would change their MSP if another MSP offered a cybersecurity solution that better fit their company's needs, even if they hadn't originally planned to change providers.
In the U.S., 89 percent of respondents said they would switch their MSP if the new one offered a good cybersecurity solution for their needs. Approximately 24 percent said they had already made the switch following a cyberattack.
"Businesses expect to be protected by their MSPs and are ready to pay more for that protection – whether from their existing MSP or by switching to a provider that promises a better solution," George said.
Investing in cybersecurity
Cyberattacks can cost a company thousands in damages and lost revenue. According to the study, the average cost of a cyberattack for surveyed businesses was $53,987. That amount grew based on the size of the affected business, as SMBs with 250-1,000 employees reported a higher average cost ($64,085) than those with 50-249 employees ($48,686) and 10-49 employees ($41,269).
Of the companies that reported experiencing a cyberattack in the last year, only 2 percent said the incident didn't impact their business. The others reported money losses (35 percent), time and effort wasted in dealing with the problem (33 percent), and lost data (32 percent).
"SMBs are not just looking for cybersecurity protections; they are ready to invest more to protect their businesses," said Brian Downey, senior director of security product management at Continuum.
The report suggests that MSPs that try to compete by lowering their costs won't be as successful keeping clients who worry about cybersecurity. According to the data, small businesses looking to switch providers were "willing to pay 24 percent more on average" for the right cybersecurity measures. Roughly 47 percent of U.S. respondents said they would pay "at least 20 percent more for the right cybersecurity solution from a new provider." On average, small businesses said they were willing to pay 27 percent more for the right security.
"It's clear from today's report that there is an economic opportunity for MSPs that get cybersecurity right, as they stand to not only win business from providers that don't, but also increase their revenue streams from their SMB clients and have a better chance of retaining their existing client base," Downey said. "If MSPs can deliver the right cybersecurity solutions to their end clients, they will hold the competitive advantage in the SMB market."