Cybersecurity 2022: Opportunity Knocks for the Channel

Here’s a headline grabber: Global financial damages from cybercrime totaled $6.1 trillion in 2021, according to Cybersecurity Ventures. Yep, sit with that. Stunningly, this number is expected to grow 15% year-over-year, reaching $10.5 trillion by 2025. Damages range from quantifiable costs like those associated with recovering stolen data or paying out ransomware to the immeasurable impact that a tarnished reputation has on a business when customer trust is lost.

The numbers and impact are staggering, as is the complexity. It’s all spelled out in CompTIA’s 2022 State of Cybersecurity research report published this month, which takes a hard look at how the cybersecurity landscape is changing in terms of threats, mitigation approaches, skills, technologies and more. Bottom line: Cybersecurity as a tech discipline, mindset and business imperative should be treated as strategically as the core mission products and services that comprise an organization’s bottom line.

The Opportunities for the Channel

So where does that leave the channel? With an opportunity. Given the magnitude of the cybersecurity task at hand, many companies need help. That especially rings true for SMBs that lack the headcount and/or expertise to fully mount a comprehensive effort across their organizations. For the channel, whether it’s selling cybersecurity products and tools or providing ongoing services as an MSP or consultant, there’s no dearth of potential business to be had. Gartner expects global spending on cybersecurity to hit $172.5B in 2022, up from $150B in 2021. By 2026, that figure is projected to reach $267.3B.

CompTIA’s research identifies four areas of cybersecurity focus for companies to zero in on:

• Policy
• Process
• People
• Products

While the intent is for individual companies to address each area as part of their internal business operations, it’s safe to say that third parties, such as solution providers and MSPs, can also play a role at any stage.

The Products Opportunity

The products category is the most obvious opportunity as it’s the place channel firms have traditionally stuck a stake in the ground in terms of cybersecurity offerings. Selling antivirus, firewall, business-and-disaster-recovery tools, etc., has long been a part of the repertoire. But that category is expanding, and for many providers to remain competitive they need to add new tools to their arsenal, as well as attendant skills. Think expertise in penetration testing, threat assessment and risk analysis, and fluency in cyber insurance and compliance issues, among other higher levels of cybersecurity offerings and services.

Some are getting it. According to CompTIA’s Trends in Managed Services 2022 study, more than 4 in 10 MSPs said they hired personnel with specific cybersecurity skill sets in the last year. Those skills ranged from expertise in data, endpoint, applications and network security to acumen in identity management, data analysis, penetration testing and/or cryptography (among others). A similar percentage of MSPs (41%) looked inward, retraining their existing workforce to update their cybersecurity skills. Another 36% paid for their employees to attain cybersecurity-related professional certifications.

On the products and tools front, more than a third (36%) of MSPs forged relationships with cybersecurity vendors, in many cases those they might not have worked with previously. Vendors in this space often have good intelligence into the threat landscape, a bonus for MSPs that cite keeping pace with the complexity and speed of cybersecurity attacks as a main challenge.

Updating skills and expanding offerings are key areas to pursue for channel firms interested in providing more than a cursory level of cybersecurity know-how to customers. In fact, going beyond the foundational level will be necessary in the year ahead as customers that do decide to use a third party for cybersecurity needs will increasingly demand sophistication and experience. It’s the reason we see a portion of today’s MSPs eyeing a transition to full-service Managed Security Services Providers (MSSPs) or entering partnerships with MSSPs to fill their own skills gaps.

The People and Process Opportunity

Cybersecurity user education and training is another opportunity area for the channel. That’s part of the “people” and “process” categories we mention above. For all the talk about malicious actors and cybercriminal threats, many of today’s cybersecurity incidents are unintended consequences of otherwise benign employee actions (or non-actions) – human error, in other words. And just as many IT departments are busy providing cybersecurity staff training, instituting fake phishing tests and other compliance checks to reduce these errors, channel firms may also find a healthy market for consulting services that do the same.

One of the key educational areas that consultants can help promote is the shift to a proactive, zero trust mindset to protecting organizations from cybersecurity attacks. Risk assessment and mitigation to avoid reactive “fire-drill” responses to incidents is the way of the future, but many customers lag in making this philosophical transition for a variety of reasons (cost, skills, awareness). Working with a third-party provider schooled in the zero trust approach can help them reach that goal.

In the year ahead, customers are going to prioritize cybersecurity efforts as they continue along a path of digital transformation and entrust more of their technology to the cloud. Channel providers have myriad on-ramps to help with this journey if they see fit.