A survey of 200 U.S. cybersecurity professionals suggests that about a third (33 percent) don’t trust third-party providers—not due to doubts about the providers’ expertise, but because of uncertainty about their own capabilities
Conducted by Censuswide on behalf of CyXcel, a global cybersecurity consulting firm, the survey finds that 31 percent of respondents do not fully understand the risks they’re responsible for managing, making it nearly impossible to assess whether partnering with an external services provider is worth the cost.
Additionally, just over a quarter (26 percent) feel overwhelmed by the volume and complexity of threats they’re tasked with navigating.
On a more positive note, about two-thirds of respondents appear to have a stronger appreciation of the risks their organizations face and, by extension, the value of external partners. Organizations are spending an average of $85,000 to $120,000 annually on risk management tools and strategies. Key areas where respondents are seeking trusted partners include cyber incident response (23 percent), artificial intelligence (AI) adoption (22 percent), and geopolitical risk management (21 percent).
Expanding the MSP opportunity through risk awareness
Nevertheless, it’s clear that managed service providers (MSPs) could be doing more to tap into the full scope of potential demand for their services. When a third of surveyed professionals lack clarity on the risks their organizations face, it highlights a significant opportunity: MSPs can step in with foundational cybersecurity assessment services to help bridge gaps in internal expertise.
Most MSPs already recognize that risky behavior tends to stem from a small subset of individuals within an organization. A recent study by Living Security found that just 10 percent of employees are responsible for 73 percent of all risky behavior.
Building relationships is crucial
Everyone involved must come to terms with a simple reality: they don’t fully know what’s happening across their IT environment. Many IT and cybersecurity professionals quietly struggle with imposter syndrome, hesitant to admit they might be flying blind—unless they’re reassured that others are in the same position.
Arguably, the most important role of any MSP is to create a safe space where cybersecurity stakeholders feel comfortable acknowledging that risk is inherently uncertain. Rather than relying on fear-based tactics to promote unfamiliar services, MSPs should lead with empathy. Understanding and transparency build trust, enabling teams to establish strong foundations and maintain them over time.
Few business or IT leaders will sign a services contract unless they feel confident in the people behind it. A boiler room of sales reps making relentless calls, backed by thousands of email blasts, can’t replace the value of genuine human connection. The real challenge lies in finding the time and patience not just to win a customer—but to build a lasting relationship they can count on in both good times and bad.
Photo: Tinnakorn Jorruang / Shutterstock
This post originally appeared on Smarter MSP.