Let’s start the week with a review of three reports just out.
ConnectWise released its 2023 MSP Threat Report. It’s a detailed look at the past year, but I wanted to pull out the predictions—five listed.
- MSPs remain targets of supply chain and critical infrastructure attacks
- Zero trust network architecture is critical for MSPs
- Leveraging threat intelligence research and inter-organizational collaboration is essential for MSPs
- MSPs will continue to solve the IT talent gap with tech stack consolidation and leveraging outside services
- Specialized cybersecurity training will increase across the industry, but ramp-up will take time.
Kaseya released its 2023 MSP Benchmark report. They claim Automation was the crucial technology, with 90% of participants citing that. But of note, the top five services that MSPs intend to offer in 2023 fall under the cybersecurity umbrella, covering identity and access management (IAM), security awareness training and dark web monitoring,
61% are using new services to new and current clients to grow this year, and the average MRR range for 26% was between one thousand and twenty-five hundred dollars, with 23% then reporting between twenty-five hundred and five thousand. Demographics-wise, 63% of respondents identified themselves as general-purpose MSPs who provide a host of IT services, 19% identified themselves as network- and data-center-focused, and those specific managed security service providers (MSSPs) increased year over year to 18% of the respondent base.
BackBox has released its 2023 Network Operations and Security Survey. From the report: The vast majority of network security and operations pros (92%) say there are more network updates needed than they can keep up with. And 98% agree that automated network operations will allow their team to focus on more impactful work. In addition, 96% of respondents say that scaling the business is impossible without network automation. Almost half (48%) of survey respondents say their company has not implemented or invested deeply in network automation, opening them up to security breaches and other serious issues.
Why do we care?
So, Connectwise is leaning into security and sell security, Kaseya is leading with automation and selling automation, and Backbox leads with automation and sells network automation. Not judgmental; just saying.
I’ll note that each tells a small piece of the overall story for providers. Sure, security is a big deal… but it’s not the lead deal. Security needs to be baked in, not sold as a SKU. I worry about providers listening too much to the group think of surveys and not making the final leap to apply that to customers.
I recently spoke with an expert for a bonus episode on this – about linking back to business outcomes. Security itself isn’t the outcome – building a customer’s business on a secure foundation such that they hit their business goals is. Using automation to deliver services is not the end goal; it’s about making those services have on customer needs. This data gives you the first half. Not the whole story.

