UK managed services providers (MSPs) have applied for government financial relief in the wake of the COVID-19 pandemic, with 74% receiving the help they needed.
According to a survey of 500 MSPs by Solarwinds, 45% of UK MSPs have had to furlough staff, and 50% said they had applied for government financial relief.
However, whilst 65% of MSPs do not anticipate making any pricing changes to their managed services package in the long-term, 19% have reduced their services to fit shrinking customer budgets and 13% intend to increase their prices following the pandemic.
The survey also found that the majority of businesses (with a revenue up to $10m) did not think that it was likely they would engage in a merger or acquisition to support expansion. However, for MSPs with a revenue over $10m, 40% said it was likely they would engage in a merger or acquisition, while 37% said it was not likely and 23% said they were not sure.
Colin Knox, vice-president of community, SolarWinds MSP, said the overwhelming majority of MSPs retaining their staff “during a time period characterized by uncertainty is truly heartening.”
He said: “This crisis has re-enforced the value MSPs bring to businesses. Without MSPs as an extension of the team — focused on risk mitigation and business continuity — many businesses would have been lost, and wouldn’t have been able to support remote working on such a vast, immediate scale. The knowledge, expertise, and skillset of MSPs has been crucial in this changing climate. They have truly become essential.”
In an email to Infosecurity, Brian Honan, CEO of BH Consulting, said staff being furloughed is a worrying trend as it may highlight many MSSPs do not have the financial stability to survive in the long-term. He said: “Good security staff may not wish to work for a MSSP that is struggling financially and may seek better job stability elsewhere, leaving lesser skilled staff working in the MSSP. If your company’s security relies on a MSSP provider that is not financially stable you could be facing potential service delivery and service quality issues in the medium to long-term.
“It is also worth noting that criminals could take advantage of a MSSP that is furloughing their staff. Staff that are suffering financially are more susceptible to bribery which criminals will exploit. It can be cheaper and more effective to bribe an insider than it is to hack the organization.”
Honan also raised concerns about the numbers of MSPs that have staff working remotely. “Remember that some of the most sensitive data in an organization could be passed over to an MSSP,” he said. “If an MSSP had moved to a remote working environment then how secure are their remote workers? Many MSSPs traditionally have their operations center physically secured and isolated, both physically and logically, from the rest of their business to ensure the security of their clients’ networks. Can the MSSPs offer the same level of security from the homes of their remote workers?”
He also made the point that in the rush to support remote working, have those MSSPs spent enough time and resources to ensure their systems are properly secured for the new work environment?
“Let’s not forget that criminals will look to take advantage of any weakness in a company’s security,” Honan said. “We have seen attacks in the past targeting MSSP providers to use them as a stepping stone to attack the MSSP’s own customers. Alternatively criminals could take advantage of any security holes in the MSSP’s new remote working solution by attacking the MSSP to cover an attack against one or more of its customers.”
Honan also said the market has been flooded with new MSPs who see the opportunity to make money, and the coming months may see some of the smaller and non-security specialist players drop from the field as they face financial difficulties.