Overcoming end-user apathy has emerged as the number one growth barrier for MSPs seeking success in the competitive cybersecurity market, according to an attendee survey at Channel-Sec, hosted at the Forest of Arden Hotel, on 8th – 9th May 2025.
Here, 64% of attendees cited ‘difficulty educating clients on the value of services’ as the primary obstacle for increasing cybersecurity revenues within their business. This means that despite heightened public awareness of cybercrime, driven by digitisation and coverage of high-profile cases, business leaders, particularly in the SME market, remain disengaged or unconvinced of threats.
Bridging this gap and building lucrative business strategies was the focus of the day’s first session which brought insights from Chris Johnson, Senior Director of Cyber Security Compliance Programmes, GTIA, Chris White, Head of Cyber and Innovation, south east Cyber Resilience Centre, Kyle Torres, MSP Senior Channel Account Executive, Sophos, Mark Salvin, CEO, Orbital10, and Sam Callaghan, VP of Sales EMEA, ConnectWise.
“In this climate, additional costs are not popular, and this is how cybersecurity is being viewed,” said Torres. “It is no wonder that acquiring new customers is a challenge and there is obvious shift in mindset needed from ‘I need to generate a healthy margin’, to ‘I need to demonstrate value’. That is something that this survey is telling us is a sticking point for MSPs.”
Making this shift lies in breaking through assumptions within the SME market that have a sceptical view of cybercrime and how it relates to their businesses. Salvin noted: “For many businesses this is an invisible threat, they don’t see it coming or feel they are exempt. SME business leaders are so deeply involved in their companies that they see cybercrime as an abstract issue that isn’t important in their day-to-day.”
White agreed: “Small organisations wrongly assume this won’t happen to them and that cyber criminals are attacking big organisations. They don’t understand they are part of a sprawling supply chain so are being compromised through their upstream and downstream partners. It is also about the types of data not the type of organisation in the eyes of a cybercriminal. A company with 300 staff members or three staff members can have equally valuable levels of data.”
This is also a case of breaking deeply ingrained habits. Callaghan pointed to one big enterprise he came across recently that continues to do consequential risk management on spreadsheets that are looked at once a year. Torres added: “You can lead a horse to water, but you can’t make it drink. We have previously given SMEs free software and ask them to turn it on to keep themselves safe and they still don’t do it.”
Panellists offered up myriad ways of increasing education as part of the cybersecurity sell. For example, White uses physical security metaphors to make it land for SMB businesses. He said: “When staff members leaving an organisation, we see leadership take their key and their laptop, but don’t take away their access on the back end. We tell them this is like locking your house with a stranger already inside.”
He also suggests relating it to personal experience. “People glaze over when you talk about cybersecurity in their businesses,” he said. “Try to bring it to life for them. “People have been forced to adopt two-factor authentication in their banking, so ask them why they wouldn’t want the same level of protection in their business and it will resonate more.”
Their suggestions generally align with delegate’s planned investment areas for growing their cybersecurity business, with increased sales and marketing (42%) and staff cybersecurity training and certifications (39%) both critical steps for driving home education.
Callaghan said: “You can’t sell a market without a good level of education and knowledge internally. Lean into certifications and make sure you are an expert.” He also suggests that MSPs have a cybersecurity sales champion and a dedicated member of staff running the vendor relationships to ensure they get the most out of partnerships.
Partnering with specialised cybersecurity vendors was the third priority for MSPs at 27% but was elevated as crucial by the panel. Johnson said: “Making the correct vendor decisions is key as it can dictate the direction you go in and the level of help you get on that journey, especially if you don’t build your own SOC or capability in house.”
Callaghan added: “Investment isn’t just pound sterling; it is time and effort with vendors and staff. Time and money can get lost when you are growing in new systems especially if you chose the wrong partner.”
Smart commercial decisions
Panelists also discussed how organisations can generate competitive advantage and develop a successful commercial model, emphasising that MSPs need to be more urgent and more proactive. Johnson highlighted: “A change of behaviour is going to have to be a forced move and not a voluntary step. There will have to be a level of people being pushed as opposed to jumping if we want to keep people safe.”
Callaghan echoed the urgency point and stated: “The most successful service providers aren’t those tentatively going on the education journey, corralling and waiting for renewals to come up before they talk about incremental services and prices, they are they providers leading with an opt-out proposition.
“We see more buy-in when an MSP sends mass messaging to their partners base that says the risk is undeniable and they have adopted new standards as a responsible IT provider. Some go as far to say that their relationships can’t continue if the end-user doesn’t accept a certain level of service as it puts their own business at risk. This is bullish but effective.”
Torres highlighted gap analysis and risk assessments as a necessary pre-cursor to conversations when MSPs are looking to acquire new customers. “This is a low-risk way of getting your foot in the door to spotlight to clients where you can see value in their businesses,” he said.
Here the panel comes full circle to the importance of demonstrating value as opposed to making margin. Johnson discussed commercial models that facilitate this. He said: “We have seen people join the market with pricing based on competition and undercutting. Their next phase is to increase this pricing to get margins up.
“Both approaches here have led MSPs astray and explain the results of our polls. MSPS need to consider how to demonstrate value back.
A final world was given to success in budling by White. He highlighted the trend of vendor consolidation within MSPs and said: “Increasingly partners have preferred vendors and have consolidated as far as they can.
They have chosen products from these venders and have put established bundles in place to suit different segments or verticals. There is one added option that is bringing success for MSPs and that is a custom bundle option that lets partners pick and choose according to their needs. This can be done in collaboration with the MSPs, tying together the commercials, the education and expertise, and creating sticky relationships.”
