Why Do SMBs Outsource IT Security to MSPs?

Information security is one of the most talked about topics in the IT channel. Last week, we joined George Anderson, Product Marketing Director at Webroot, on a webinar in which we discussed why small- and medium-sized businesses (SMBs) outsource IT security to MSPs. George has been with Webroot for close to six years now. With an extensive background in product marketing and business development, his insight can help MSPs drive results for their managed IT services businesses. 

During the webinar George reviewed key points from Webroot's 2015 SMB Threat Report, a summary of findings gathered by surveying IT decision makers in the United Kingdom, United States and Australia. The report mainly focuses on the state of organizations' preparedness to stop hackers from launching successful cyber attacks, an area of concern for any business globally. What were the results of the survey, and how can MSPs take advantage of cyber trends when prospecting and cross-selling on managed security services? We share shocking statistics and the opportunity for MSPs! 

Cyber threats and SMB market dynamics have changed quite dramatically over the past five years. If you tuned in to our previous Webroot webinar, you learned about three malware vulnerabilities you need to address. With the growing threat landscape, SMBs are not as well equipped as they need to be to manage their cybersecurity. Many SMB business owners mistakenly believe that they are too small for hackers to target. In reality, many SMBs serve larger organizations and are therefore at high risk for being a tempting gateway to compromise. Think of these businesses as being Trojan Horses to larger corporations. 


Why are SMBs Considering Outsourcing?

Preparedness is a big issue. SMBs lack the specialized resources and skills that an MSP can provide. On average, less than a quarter of the SMB organizations surveyed had a dedicated in-house cybersecurity team or individual. Of the majority surveyed, "32 percent had employees who handled cybersecurity along with other general IT responsibilities." While having some cybersecurity support and attention is better than having none, often SMBs outsource these services to receive 24x7x365 data protection and additional time for IT staff to focus on other core business objectives. Consider the fact that more than two-thirds of the survey respondents stated they were not completely confident in their readiness to take on a cyber attack. Factoring in the amount of attacks launched regularly, it's not surprising that the demand for managed security services is increasing!


Why Do SMBs Outsource IT Security to MSPs? IT Security Preparedness

Still from Why Do SMBs Outsource IT Security to MSPs?

What Threats are SMBs Completely Prepared for?

During the webinar, George stated that Webroot asked the million dollar question when conducting their survey, "what threats are you completely prepared for?" Based on the respondents' answers, the research focused on four different security threat areas:

  • Unsecured websites and phishing attempts
  • Unsecured end points including PCs and smart devices 
  • Unsecured internal and externals networks (Public Wi-Fi) 
  • Internal threats, such as employees

Surprisingly, 64 percent of respondents believed they were prepared to handle unsecured websites and phishing attempts, the security threat with the highest percentage of confidence. According to George, phishing is one of the most successful threat vectors. Perhaps SMBs believe they're more prepared than they really are and need you to educate them about what's at stake. In positioning your managed security services as a way to better combat cyber attacks and hedge risks, convince SMB prospects that you can provide the resources they need to protect company data. As indicated in the webinar screenshot below, most SMBs cite lack of resources as their reason for being prone to cyber attacks.

Why Do SMBs Outsource IT Security to MSPs Prone to Attack

Still from Why Do SMBs Outsource IT Security to MSPs?


How Much Would a Cyber Attack Cost Their Business?

It's hard to assign a dollar amount to the impact of a successful cybersecurity attack, but it's definitely costly to businesses of all shapes and sizes. When each participating region was asked how much they estimated they would lose, the stats were illuminating. The still below especially illustrates why SMBs invest money in IT Security to protect themselves from the damage of a cybersecurity attack, the loss of critical data and the cost of unplanned downtime and data recovery.

Why Do SMBs Outsource IT Security to MSPs Cyber Attack Cost

Still from Why Do SMBs Outsource IT Security to MSPs?

Final Thoughts 

SMBs are under-resourced and confused about their readiness to handle attacks. When it comes down to it, they are vulnerable and need stronger and more advanced threat protection. SMBs recognize the value of an MSP because they lack the necessary cybersecurity expertise and waste too much of their time and resources managing everything in-house. According to the survey results, 81 percent were open to outsourcing. That means you have the ability to sell your managed security services to roughly four out of five SMBs!

MSPs are poised to help deliver security solutions that help optimize SMBs' IT security budgets. George states that SMBs can become more aligned with cybersecurity and IT Security spending by outsourcing to an MSP. Ultimately, that's what you have to convince prospects. You offer the required skillset, technology and labor to ensure protection of your clients' data.

Outsourcing continues to grow in its popularity and adoption, and outsourcing cybersecurity is no exception. Continue learning about the IT security sales potential. 

Download to watch our webinar with Webroot!

BLOG Webinar Why Do SMBs Outsource IT Security to MSPs