If cyber is uninsurable, then MSPs just got a lot more valuable. Here's the conundrum. If MSPs represent aggregate risk to insurers yet are invaluable in the fight against cyber threats, and if cyber is becoming more uninsurable, then MSPs become even more critical in the cyber risk equation. Sound complicated? I'll explain.

 

Most of the discussion around cyber risk insurance today can be boiled down to lack of visibility and understanding about the MSP market and IT threats in general. I don't want to make too large of a generalized statement but there is a lot of ignorance out there. Trust me.

 

MSPs do present a threat surface for cyber criminals, just like every other entity. I can make a convincing argument as to why MSPs have less of an attack surface but that's for another time. The point is, MSPs cannot be ignored when it comes to solving the cyber threat question. If the insurance industry is unable (at the moment) to answer this question, then maybe it's up to the MSPs to do so.

 

Highlights:

Cyber underwriting flaws

Lack of visibility into cyber and MSP markets

Alternative cyber risk mitigation models

Weaver Outrage Meter (Low)

 

2022 began very differently than it ended. The pandemic, global supply chain, cyber-attacks, cyber risk, the economy, MSP talent, and many other areas saw change (good and bad) during the year.

 

This summary of the year 2022 in managed services looks at a variety of areas all related to the global managed services profession and attempts to extract some lessons learned so we can apply them to 2023.

 

MSP Zone Guest: Rob Scott

 

Highlights:

Cyber Risk - legal, technical, business, and other

MSP business model changes in 2022

Legal updates

It has been a while since we discussed the topic of MSP talent shortages, specific to security (i.e., cybersecurity). A lot has happened since earlier in the year and I wanted to provide you all with an update on where we stand, how the industry is doing, and where we are seeing the most results.

 

Now, the first warning is do not get upset by what you hear. I am going to talk in generalities about what we are seeing across a very large profession. If something I say is troubling to you, just know that it doesn't necessarily mean it is going to happen to your practice.

 

Highlights:

Summary of cyber talent in the MSP sector

Mass tech layoffs

MSP talent sources

Here is some friendly advice for policy makers and legislators moving on the issue of MSP regulation (of any kind) next year, 2023. Since 2020, we have seen a large amount of activity in the cyber regulation area, including specific regulations calling out managed service providers (MSP).

 

Highlights:

Direction of MSP Regulation in 2023

Flaws in MSP regulation requiring a fix

What MSPs Need from MSP Regulation

With all the pressure and hype around growth-oriented MSP platforms these days, I thought it might be helpful to talk about one characteristic of the small MSP which is actually very important. Now, this does not mean larger MSP organizations do not possess this characteristic. It does mean, however, that smaller MSPs are more likely to find this type of process much easier to perform.

 

What am I talking about? Analyzing, identifying, digesting, and remediating MSP risk. While risk assessing is the duty of every MSP organization, smaller MSPs will find certain elements of the risk assessment far easier than their larger colleagues.

 

Highlights:

Review of the MSP risk assessment

Reporting and documentation requirements

Tips for remaining in compliance

For many MSP owners and operators sales is a foreign concept. Sales is acknowledged as a necessary business component for all MSPs, but very few MSPs have mastered the art form of sales.

 

Today we attempt to breakdown the stereotypes of sales in the managed services profession. We examine everything from process, metrics, business goals, and the important integration of sales into the managed services engine.

 

If you have ever struggled with sales in a managed services environment, this episode is for you.

 

Highlights:

MSP sales objectives

How to build an MSP sales engineMethodology

Metrics

Training

People

MSP sales: Myth vs reality

Last week was the MSPAlliance Inspire "peer" group meeting in Las Vegas. I say "peer group" in quotes because this group sees themselves as the anti-peer group. Born out of the frustration of many peer group veterans, they created the MSPAlliance Inspire to bring networking and leadership in managed services to a new level.

 

Here are some of the things they discussed and what I learned from observing these MSPs.

 

Highlights:

MSPs need a place to vent

Staffing remains an issue, but MSPs do have solutions

Cyber insurance is both a good and bad thing for MSPs

I recently spoke with an insurance executive and we had a very interesting conversation about risk and perceptions of risk related to cyber security and managed services. This conversation was eye-opening for a number of reasons, but mostly because it exposed me to a viewpoint I had not fully considered before.

 

This conversation is important because it represents what I believe is the larger debate happening right now between MSPs on one hand and public policy makers on the other. Is risk truly a black and white issue or is there reasonable ground to disagree? Let's dig in and find out.

 

Highlights:

Insurance view of MSPs

MSP view of Insurance

Where does risk really occur? The bad MSP and the bad client

How can we move forward?

Ransomware impacts many industries throughout the world, but today we focus on the manufacturing sector. Is the manufacturing industry facing an increase in cyber-attacks? If so, how are they responding to these attacks and what changes are they making to become more resilient to such attacks?

 

John Shier, senior security advisor with Sophos, enters the MSP Zone to discuss his analysis of a recent Sophos ransomware study.

 

Highlights

52% of manufacturing organizations were hit with ransomware in 2021 - a sharp uptick from 36% in 2020

66% of surveyed manufacturing and production organizations reported an increase in the complexity of cyber attacks

61% reported an increase in the volume of cyber attacks when compared to the previous year

Only 75% of those surveyed reported having cyber insurance - the lowest percentage across all sectors 

What lessons can we learn from cyber attacks on manufacturing organizations?

What can MSPs do to protect these types of clients?

What should manufacturing organizations be doing differently?

Weaver Outrage Meter (Low)

 

Sponsored by: Dell Expert Network

 

Any organization can experience growth. Some may have to buy it, such as through M&A transactions. Others, may be lucky enough to experience growth organically. Maybe they have a really good product, perhaps they just have an awesome sales and marketing team, or perhaps they are just fortunate to be in the right place at the right time.

 

The same is true for MSPs. MSPs, however, have to consider something when going through a growth period: how will such change impact their service delivery and security? Growth at the expense of scalability or security is just not worth it. So, what is to be done?

 

There are some steps any MSP can take to prepare themselves for any unusual growth period in their company. We will examine some of those steps today.

 

Highlights:

Planning for growth

Bulking Up

Compliance Responsibility

Knowing when to hit the brakes