Cybersecurity is the big story for MSPs, but new research shows that it is far from the whole story. In fact, it’s just the beginning…
New threats keep popping up, ransomware is a constant concern, and supply chain attacks continue to expose vulnerabilities far beyond the initial victim. Oh, and there’s some talk about AI pouring fuel on the fire… (yes, Mythos, we’re looking at you).
Yet beneath the headlines, something more interesting is happening.
According to new research from CyberSmart, based on responses from MSP leaders across the UK and Ireland, more and more customers are looking to providers for something much broader than cybersecurity.
They want help navigating risk, compliance, regulation, governance, supply chains, and business resilience. In other words, they’re looking for partners who can help them operate safely in an increasingly uncertain and complicated world.
Read on to discover why successful MSPs see cybersecurity as just the beginning.
Security is becoming the baseline
The CyberSmart report contains plenty of evidence that cyber threats remain a serious problem. Three-quarters of MSPs surveyed reported suffering at least one breach during the past 12 months, while more than half experienced multiple incidents. Those numbers remain uncomfortably high, even if breach frequency has eased slightly compared with previous years.
What’s striking, however, is how the conversation around cybersecurity appears to be maturing.
For the first time in several years, MSPs are seeing signs that customers have become more knowledgeable about cyber risk. Nearly nine in ten respondents described their average customer as having average or above-average cybersecurity knowledge. At the same time, scrutiny of MSP security capabilities during procurement appears to be stabilising rather than accelerating.

This doesn’t mean customers care less about security. If anything, it means the opposite. Security is increasingly becoming an expected baseline rather than a differentiator.
Buyers are no longer asking whether cybersecurity matters, because they already know it does.
The more important question is who can help them manage it.
Compliance is now a growth market
One of the clearest messages from the research is that customer expectations are expanding.
More than two-thirds of MSPs say customers expect them to manage cybersecurity alongside core IT infrastructure. Just as importantly, 61% report growing expectations around compliance support. That trend should resonate with MSPs across Europe.
NIS2, DORA, sector-specific requirements, customer security questionnaires, cyber insurance obligations, and evolving national regulations are creating new challenges for organizations of all sizes. Many businesses understand the importance of compliance, but lack the internal expertise to manage it effectively.
The survey suggests MSPs are already responding. Investment in compliance capabilities has increased significantly, while compliance services rank among the leading areas providers expect to invest in over the next three years.
For MSPs, that opens the door to new recurring revenue opportunities, including:
• Compliance readiness assessments
• Security policy development
• Continuous monitoring and reporting
• Audit preparation and support
• Risk management consulting
• Employee awareness and training programs
The shift is subtle but important. Customers increasingly want help proving resilience—not just achieving it.
AI is creating a new advisory opportunity
Artificial intelligence continues to dominate industry discussions, and the survey reflects that reality.
Almost half of MSP leaders identified AI-related threats as one of their biggest concerns, making it the most commonly cited risk in the study. Interestingly, customers appear somewhat less concerned than they were a year ago.
That doesn’t necessarily mean the threat has diminished. Rather, organizations may be becoming more familiar with AI technologies and more confident in their ability to use them. The challenge is that confidence doesn’t always equal preparedness.
Many organizations are still grappling with questions around AI governance, acceptable use, data privacy, employee training, and risk management. Those conversations extend far beyond technology deployment.
For MSPs, this creates opportunities to deliver higher-value services such as:
• AI governance frameworks
• AI security assessments
• Employee training and policy development
• Data protection reviews
• AI readiness consulting
The providers that benefit most from the AI boom may not be those selling AI tools. They may be the ones helping customers adopt AI safely and responsibly.
The supply chain challenge is getting bigger
Perhaps the most significant finding in the report relates to supply chain security.
Two in five MSPs or their customers experienced a cyber incident originating from a supplier or third-party vendor during the past year. In many cases, the impact extended beyond a single organization and affected both provider and customer.
This highlights a reality that many MSPs are increasingly confronting: cyber risk rarely stays contained.
Businesses may have strong internal security controls but remain vulnerable through software vendors, cloud platforms, contractors, suppliers, and service providers. As digital ecosystems become more interconnected, these risks become harder to ignore.
The research also found that fewer than half of MSPs continuously monitor third-party risk. Most still rely on periodic reviews. That gap between customer need and current market capability creates a significant opportunity.
Potential growth areas include:
• Vendor security assessments
• Third-party risk monitoring
• Supply chain compliance services
• Security questionnaires and reviews
• Risk reporting and governance
• Continuous monitoring services
As regulators and enterprise customers place greater emphasis on supply chain resilience, these capabilities are likely to become increasingly valuable.
Customers are thinking about business resilience
One of the more surprising findings in the report is that inflation and rising costs now rank as the biggest perceived threat facing customers, ahead of AI threats and ransomware attacks.
That may sound like an economic story rather than a technology story. In reality, it reveals how customer priorities are changing.
Security spending is no longer viewed in isolation. businesses are increasingly evaluating technology investments through the lens of operational resilience, efficiency, and risk reduction—all of which is being weighed against wider business pressures and strategic objectives. For MSPs, this means technical conversations must increasingly connect to business outcomes.
The most compelling value propositions are no longer about features and tools. They are about reducing risk, improving resilience, supporting compliance, protecting revenue, and maintaining customer trust.
The MSP opportunity ahead
Viewed individually, the report’s findings tell familiar stories about cybersecurity, regulation, AI, and supply chain risk. Taken together, they reveal how the role of the MSP is evolving.
Customers still need infrastructure management, endpoint protection, monitoring, backup, and incident response. Those services remain essential, yet they are increasingly becoming the foundation rather than the destination.
The strongest growth opportunities now sit higher up the value chain, where cybersecurity intersects with compliance, governance, resilience, and business strategy.
The MSPs that thrive over the next few years will be those that expand beyond technology management and position themselves as trusted advisors. Those successful service providers will help customers navigate regulation, assess risk, manage suppliers, adopt AI safely, and build resilience across their organizations. Will you be one of them?
Join us at MSP GLOBAL 2026 to make cyber, compliance and risk connections with potential partners and clients.
Tickets are free once you’ve registered for our newsletter. Scroll down to subscribe.
Got a code? Then grab your ticket here.
All data and images from The CyberSmart MSP Survey 2026.



