WELCOME TO A NEW YEAR and a new decade! Both are sure to be filled with unexpected opportunities, unavoidable missteps, unanticipated success stories, and a host of surprises. 2019 certainly was, as we know now thanks to (forgive us) 20/20 hindsight. We asked a collection of the industry’s top observers what they anticipate will happen this year and didn’t anticipate a year ago. Here’s some of what they told us.
2019, Michael O’Hara once hoped, would be the year people really, truly, finally started taking security seriously. In hindsight, he concedes, those hopes were misplaced.
“No one’s learning any lessons,” he sighs.
Well, not no one exactly. “Larger corporations are finally starting to pay some attention and pay some real money to hire real cybersecurity staff,” he says, adding that they’re deploying layered defensive technologies to boot. That has cybercrime gangs asking themselves who isn’t investing in security.
“It’s small to medium-sized businesses,” according to O’Hara. In a phenomenon he refers to as “digital fracking,” attackers looking to extract more money with less effort will capitalize on that vulnerability in a much bigger way this year.
“The organized bad guys are going to start casting their net wider and further and looking to pick up these small to midsized businesses that are less likely to be protected, less likely to be educated, and more likely to be a little bit on the gullible side,” he says.
Naïve business owners won’t be solely to blame either, he adds. Inexperienced IT providers who think anti-virus software and a firewall are all it takes to keep clients safe will bear some responsibility too. “These small providers and small MSPs actually believe that those firewalls are enough, and therefore the small business is left completely exposed, easily infiltrated, and the data easily exfiltrated,” O’Hara says.
Training and certification are part of the answer, he continues, but only part. Like it or not, channel pros who don’t specialize in security must collaborate more extensively with third parties who do. “You can’t be the chief cook and bottle washer when it comes to cybersecurity. You need to rely on people who are experts,” O’Hara says.
You may need to be a persuasive dealmaker too, according to Paul Dippell, CEO of managed services consultancy Service Leadership. He’s recently concluded that MSPs should probably be charging $40 a user per month on average for a good, complete, and profitable security offering. Not an enormous sum on its own, but a big price hike if you’re billing clients $150 per user now.
“That’s a huge, huge selling hurdle,” Dippell notes.
Good thing, then, that he also anticipates prices overall for managed services will continue climbing this year, partly because SMBs have never relied more on IT, partly because the supply of MSPs capable of supporting IT well is smaller than it might appear, and partly because providers who have been in the business a while are finally mastering the art of measuring costs and setting rates properly. “That takes a while to learn,” Dippell observes.
Indeed, even top-performing MSPs have room to charge more. Dippell gathers performance and finance statistics from thousands of MSPs, 80% of whom are in the U.S., every three months. Providers in the top quartile currently collect about $175 to $185 per user per month on average. “We’re fearlessly predicting that the price per user per month will probably peak out around $300,” he says, if not this year then eventually.
MSPs selling their business can expect to pocket more in 2020 too. While over 35% of the companies Dippell polls call themselves very likely to buy one or more MSPs in the next three to five years, just 13.2% say they’re very likely to sell.
“There is a mismatch between demand and supply,” Dippell says. It doesn’t take an economist to predict the repercussions.