Making the MSSP Alert Top 250 starts with a strong application, and waiting for the deadline can put your organization at a major disadvantage.
In 2026, accurate, detailed answers matter more than ever because MSSPs can qualify for the flagship ranking and earn recognition in five new award categories:
- Most Innovative MSSP
- Fastest Growing MSSP
- Best Emerging MSSP
- Best Mid-Market Focused MSSP
- Best Enterprise Focused MSSP
To help applicants maximize their ranking, MSSP Alert Publisher and Content Director
Michael Siggins shares his
Top 250 MSSP application tips below. He highlights how you should prepare, what mistakes to avoid, and why you should complete the application process before the
August 21 deadline.
Who should apply for the Top 250 MSSP list?
Siggins: Traditional MSSPs as well as security-focused MSPs that provide continuous monitoring, detection, and response services. You do not need to operate a completely in-house security operations center to
submit an application.Qualified applicants provide ongoing managed security services. Simply reselling cybersecurity products or performing occasional security projects would not necessarily qualify a company as an MSSP.
- Do: Apply if managed security is a recurring, established part of your business.
- Don’t: Assume that using a third-party SOC makes your company ineligible.
Is the Top 250 MSSP ranking based only on revenue? Should smaller MSSPs apply?
Siggins: Smaller MSSPs should absolutely apply. Revenue remains the primary factor in the flagship Top 250 ranking, but the survey captures much more than company size. The application also examines growth, recurring revenue, SOC operations, response times, services, and more.
The new awards introduced this year are designed to recognize excellence beyond company size and total revenue. For example, Best Emerging MSSP spotlights newer providers that have demonstrated strong market momentum, while Best Midmarket Focused MSSP recognizes providers that excel at serving midmarket customers. The recognition isn’t tied to the MSSP’s own revenue.
- Do: Provide accurate details that show how your MSSP grows, operates, and delivers security services.
- Don’t: Overlook the questions that demonstrate innovation and operational maturity. Those factors matter just as much as revenue.
What should applicants gather before starting the survey?
Siggins: The application isn’t long or complicated, but it is smart to prepare. I suggest downloading the
PDF version first and reviewing it before you begin filling in data.
Applicants should gather:
- Managed security services revenue for the year ended Dec. 31, 2025
- Year-over-year revenue growth
- Percentage of recurring revenue
- Managed security employee and SOC analyst counts
- Number of customers and endpoints under management
- Customer retention data
- Detection and response metrics
- Automation rates
- Services and regulatory frameworks supported
Once you have the information ready, you can
complete the form online in about 20-30 minutes. Your progress will be saved automatically, but you must return using the same device and browser with cookies enabled.
- Do: Download the PDF preview and gather your financial and operational data in advance.
- Don’t: Switch browsers or devices midway, since your saved progress depends on cookies being enabled.
Because the MSSP Alert research team may have follow-up questions for you, it’s important to
submit before the August 21 deadline.
Is the information submitted to MSSP Alert confidential?
Siggins: Absolutely. Financial and operational data are used for ranking, award eligibility, and aggregated industry research. Individual financial responses are not published or shared outside the MSSP Alert research group.
- Do: Provide accurate financial and operational information, knowing it will be kept confidential.
- Don’t: Ignore follow-up requests after submission, since the research team may need clarification before finalizing rankings and awards.
What is the biggest mistake applicants make?
Siggins: One of the most common mistakes is treating the application like a marketing form.
A statement like “we operate an industry-leading SOC” does not give the research team enough information to evaluate a business. The strongest submissions are specific, accurate, and consistent.
Applicants should pay particularly close attention to how revenue is reported. When the survey asks for managed security services revenue, do not include unrelated managed IT, hardware, or professional services revenue.
- Do: Verify financial and operational answers with the people responsible for those areas.
- Don’t: Substitute total company revenue for managed security services revenue.
Should applicants select every security service they can offer?
Siggins: Applicants should select only the services they actively deliver as managed services. There is a difference between reselling a security product, having access to a vendor capability and delivering and managing that service for customers.
Checking every possible service creates inconsistencies that lead to questions during the review process.
- Do: Select services that customers actively purchase and receive from your organization.
- Don’t: Select a capability simply because your vendor offers it and you could sell it.
What should an MSSP do when it does not measure a particular metric?
Siggins: Answer honestly.
The survey asks about operational measures such as mean time to detect, mean time to respond, and the percentage of incidents contained automatically. Some MSSPs track these numbers closely. Others may not have formal measurements for every metric.
An accurate “not measured” answer is more valuable than an unsupported estimate. It may also help the company identify an area where its own reporting could improve.
- Do: Check with your SOC team and verify whether the metric is available in your SIEM, ticketing system or case management platform.
- Don’t: Guess or provide an unsupported estimate when “not measured” is the more accurate response.
How should MSSPs answer the Most Innovative MSSP question?
Siggins: Smaller MSSPs often don’t have the resources to fix inefficiencies or compete head-to-head, so they have to get creative. We want to highlight and reward that ingenuity.
The key is to focus on one specific innovation rather than describing your entire technology strategy.
The Most Innovative MSSP section asks applicants to explain one innovation introduced to clients during the past 24 months, including what the innovation is, the problem it solves, how it is deployed and the measurable outcomes it produced.
- Do: Explain one concrete client-facing improvement.
- Don’t: Submit a general description of your security stack.
Help the judges understand what you did differently and how it improved customer security or supported business outcomes.
How can an MSSP write a strong Best Emerging MSSP response?
Siggins: Emerging does not simply mean recently founded. The judges are looking for evidence that the provider has reached a meaningful milestone and is developing into a credible managed security business.
Applicants should describe one achievement from the past 24 months, including the milestone reached, the problem it addressed, how the company delivered it, and the measurable outcome.
The milestone could involve customer growth, a new service, market expansion, or an operational improvement. The best responses tell one complete story.
- Do: Use a problem-action-result structure.
- Don’t: Turn the response into a company history.
How should applicants answer the cybersecurity vendor question?
Siggins: Name the vendors that have contributed most meaningfully to the success of your managed security services business. Applicants may name up to five cybersecurity vendors, with a minimum of two required.
The MSSP Alert 250 awards are designed to recognize greatness in the vendor community as well. This is a great opportunity to help celebrate your best partnerships.
- Do: Name at least two vendors; that’s the minimum requirement.
- Don’t: Choose vendors based only on brand recognition or personal feelings. Help us recognize businesses that have genuinely contributed to your success.
How can I find out if my MSSP made the list?
Siggins: The complete Top 250 MSSP list will be unveiled during
MSSP Alert Live on November 17-18, 2026. Make sure to register and attend the virtual conference to ensure that you’re there to be recognized.
Submit your application today. The MSSP Alert research team may need to follow up with questions or request clarification before the rankings are finalized. Highly ranked MSSPs may also be considered for panel participation during the event.
What are your most important Top 250 MSSP application tips?
Siggins: Give our judges a clear and accurate picture of how your business operates, what it does particularly well, and where it is achieving measurable progress. Use numbers and examples to strengthen your responses.
Most importantly, don’t wait until the last minute to
submit your application. The
deadline to complete the form is August 21, 2026, but I strongly suggest starting today.
Any final thoughts?
I hope this information helps simplify the process for you. I’m thankful that we have so many excellent nominees already, and I look forward to honoring you and them at
MSSP Alert Live.