Threat actors are increasingly targeting SMBs and mid-market companies, knowing many do not have the same security resources or defenses as larger enterprises.
“That realization hit hard around the ransomware wave of the late 2010s,”
Adam Winston, vice president of endpoint security and managed detection and response (MDR) for
WatchGuard Technologies, told MSSP Alert. “What's changed since then is the relentless compounding of complexity: more cloud, more remote workers, more devices, stricter regulations. Internal teams just couldn't keep up.”
Then came AI, which Winston called “the latest accelerant.” That said, the fundamental challenge facing these smaller businesses are the same ones WatchGuard and others in the cybersecurity field have seen build for years: The expanding gap between what threats demand of internal security teams and what those teams can deliver.
It’s convincing SMBs to increasingly look for outside help from MSSPs and MSPs, and to evolve their expectations of the service providers, from one of providing and managing tools to becoming strategic advisers. It’s a shift that is opening up opportunities for MSSPs and MSPs.
Guidance, Not Just Execution
“It used to be, ‘Here's what we need, configure it,’” he said. “Now it's, ‘Tell us what we should be worried about and what we should do about it.’ Customers are coming to their MSP for strategic guidance, not just execution. That's a very different relationship.”
A report from WatchGuard is putting this evolving relationship into perspective. Of the almost 1,000 IT and cybersecurity leaders around the world who were surveyed for the vendor’s
From IT Support to Cybersecurity Powerhouse: The New Mandate for MSP Growth, 91% are worried about AI-driven attacks, and 75% percent were hit by at least one security incident over the past year, illustrating the growing number and sophistication of the threats.
At the same time, 54% said they don’t have the ability to deliver continuous monitoring and response, and 67% need additional support to meet the increasing compliance demands.
'An Important Market Transition'
For SMBs and mid-market players, the lack of skilled talent isn’t the problem; it’s their lack of capacity to handle this complex landscape. They’re also becoming less concerned about the money they have to spend and more about the value they get from it. Among survey respondents, 75% expect cybersecurity spending to increase over the next two years, and 47% are willing to pay more for continuous monitoring and rapid incident response. In addition, 44% would pay more for AI-driven detection and response.
“This signals an important market transition,”
Tracy Hillstrom, vice president of brand and content marketing at WatchGuard,
wrote in a blog post. “Customers are no longer evaluating cybersecurity providers primarily on cost; they are evaluating them on value, responsiveness, expertise, and outcomes. This shift opens the door for MSPs to expand higher-value services such as MDR, threat hunting, compliance support, and AI-powered security operations.”
Bigger Checks, Harder Questions
For MSSPs and MSPs, the challenge is being able to meet the demands of these smaller businesses, Winston said. Those who do have a significant opportunity. Organizations’ security budgets are growing, and a growing percentage will go to security services providers, but there’s a caveat.
SMBs are not “just writing bigger checks; they're asking harder questions about what they're getting for their money,” Winston said. “MSPs who can answer that clearly – who can walk a customer through exactly what threats were stopped and what risk was reduced – are having no trouble growing. Those who can't are feeling real pressure, even as budgets increase.”
Service providers need to be proactive. The MSSPs and MSPs that are thriving are building the capabilities they need now, while those struggling treated AI as a future consideration rather than an in-the-moment requirement, he said.
The Need for Speed
“Speed is also something we can't stress enough,” Winston said. “When an incident happens, every minute matters to the customer, and MSPs who can't demonstrate a fast, decisive response are vulnerable. The switching risk [of moving from one MSP to another] is very real. We see it. Customers have more options than ever and less patience for providers who aren't evolving with them.”
In her blog post, Hillstrom put an emphasis on the need for MSSPs and MSPs to understand that organizations are prepared to switch providers if they feel it’s necessary. More than half of those surveyed in the report said they expect to change cybersecurity providers within the next three years.
The Risk of Switching
“This underscores an important industry reality: customer loyalty cannot be assumed,” she wrote. “MSPs that combine strong security outcomes with transparency, responsiveness, and strategic engagement will be better positioned to retain customers in an increasingly competitive market.”
Hillstrom also stressed the need to reduce the complexity of the security environments of their clients, who are demanding unified platforms that consolidate tools, improve visibility, and simplify operations. It’s another opportunity for MSSPs that can move clients from disconnected point solutions to integrated ecosystems.
“Customers are rethinking what they need from providers, how they measure value, and who they trust to help them navigate growing cyber risk,” she wrote. “For MSPs, this is more than a technology shift. It is a business evolution. The providers that embrace strategic advisory roles, invest in advanced security capabilities, improve customer experience, and focus on measurable outcomes will be best positioned to lead the next era of managed cybersecurity.”