Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.


333 West San Carlos Street
San Jose, California 95110
United States


ChannelPro Network Awards

hello 2
hello 3


February 27, 2023 | Mike Arrowsmith

How MSPs Can Avoid Legal Peril When Offering Cybersecurity Services

Never before has a security professional been criminally charged for decisions made during a cybersecurity incident, and that’s a game changer for MSSPs/MSPs.

THE CONVICTION last fall of Uber’s former CISO, Joe Sullivan, continues to make waves among security professionals—and rightfully so. It’s an unprecedented event that will have a ripple effect on the entire industry.

Convicting Sullivan on charges of covering up a data breach involving millions of Uber user records is a clear warning that the federal government is taking action. Moving forward, the Ubers of the world won’t be the only ones under increased scrutiny. However, for many managed service and managed security providers, there is a lot of confusion surrounding what this incident might mean for them. To complicate matters, MSPs work with hundreds of clients on average, adding an extra level of complexity to breach disclosure and the issue of responsibility.

So now the question is: What can MSSPs and MSPs do to protect themselves and their companies?

Personal accountability is complicated and puts many in the industry on edge. Before the case against Sullivan, companies were the ones held responsible for keeping customer data safe. There are several examples of companies getting hit with massive fines and penalties (e.g., Equifax, Capital One), but never before has a security professional been criminally charged for decisions made during a cybersecurity incident. While this was a first, it certainly won’t be the last.

This conviction forces all MSSPs/MSPs—particularly leadership—to take a step back before making a decision to ensure they are doing their due diligence. There are a lot of unknowns in the world of cybersecurity, but the federal government is looking at whether an investigation was purposefully misled or if a known breach was not disclosed in a timely fashion. The key word is purposeful.

Security is not foolproof, but you must make the best decision based on available information. In theory, everyone should already be doing this, but in some companies, doing the right thing is not a clear-cut decision. Unclear internal guidelines, conflicting priorities, and multiple individuals involved in the decision-making process can create confusion.

If your customer, for example, prioritizes growth over everything else, you will need to push back. More than ever, an alignment of values that extends across your customer’s organization will be important.

Putting Customer Information Above All Else

Some companies are creating a new role of chief trust officer, who focuses on the customer data collected and processed. This is to ensure a company is always doing the right thing regarding customer data.

For anyone in the world of cybersecurity, the Sullivan/Uber case is a reminder that we have an innate responsibility to protect our company, but above all else, our customers. For MSPs specifically, they need to have a firm handle on what is happening at the companies they work for and upfront guidelines regarding breach notification. While MSPs work for their clients, they are also responsible for the safety of their clients’ customer data.

Threats are becoming more sophisticated and common, and regulations are consistently evolving. So, while cybersecurity leaders should be held accountable in obvious cases of negligence, it’s important to remember that we are all operating in a complex landscape. We don’t want to discourage people from entering the cybersecurity space (one already woefully understaffed) or force security leaders to work in a state of constant worry. It’s about finding balance: Leaders should be held accountable, but within reason.

MIKE ARROWSMITH is chief trust officer at NinjaOne, developer of a unified IT management solution.

Editor’s Choice

Broadcom-VMware Shakeout: How the Channel Has Been Affected By the Big Industry Acquisition

April 11, 2024 |

Industry experts weigh in on the “messy breakup” that MSPs were left with after Broadcom’s acquisition of VMWare.

Selling Cybersecurity: How MSPs Can Become Crucial Partners in Managing Risk

March 27, 2024 | David Powell

MSPs should try to bring an end customer into the cybersecurity fold. Here are some ways to help drive that.

3 Questions with Ingram Micro’s Sanjib Sahoo on Integrating AI into Managed Services

March 25, 2024 |

Ingram Micro’s EVP and chief digital officer shares some insights on how MSPs can effectively integrate artificial intelligence into their business operations.

Related News

Growing the MSP

Explore ChannelPro


Reach Our Audience