
How MSSPs can Compete against Systems Integrators

This article first appeared in News in the Channel issue #39.

MSSPs (Managed Security Service Providers) may be threatened by the solutions that systems integrators provide, but there are ways they can still compete as Merlin Gillespie, Director at Cybanetix, explains.

Competing against a behemoth Systems Integrator (SI) may seem unthinkable to some, but the reality is that, akin to David and Goliath, managed security service providers (MSSPs) can outmanoeuvre their larger competitors. 

SIs are increasingly encroaching on MSSP turf, with many now offering security solutions and services such as managed detection and response via a Security Operations Centre (SOC). What’s more, expectations are that cybersecurity services will be a core revenue generator for them, resulting in a CAGR of 6.8% to 2034, which means they will continue to build out their service offerings.

Yet many MSSPs have failed to see the threat and continue to offer a cookie-cutter approach. This sees a menu of services offered to clients with little differentiation or tuning over the lifetime of the contract, even though this could span years. In an industry where threats can evolve rapidly, adopting such a fixed approach is no longer viable. Most SIs recognise this and will provide the ability to add on or ramp services up or down within the SLA, although such changes come with a hefty price tag. In contrast, MSSPs tend to lock in their clients to give them recurring revenues and a stable client base, but that often means the focus is not on improving the client’s security stature.

Continual improvement

For businesses that run their own SOC in-house, the focus is on continual improvement as the organisation seeks to become more cyber mature in its posture. It’s not just about maintaining business operations but ensuring the organisation becomes more resilient and is then capable of fighting off tomorrow’s attacks.

If MSSPs seek to emulate this approach, with a focus on continual improvement, without the punitive costing structures associated with the SI’s SLA, they can compete with these giants and prevent the erosion of market share. This can be achieved by implementing a continuous service improvement program that deepens the way in which the MSSP works with its clientele.

When an MSSP onboards a new client, for instance, rather than focusing just on technology onboarding and SOC integration, the process should incorporate deployment planning workshops that identify how best to tailor the service. This is not just about tuning the tooling, but a chance to identify options for advanced playbook automations or ways to extend detection, use case rules and alerting.

Proving value

Over time, the MSSP will usually seek to analyse the SOC data to identify gaps and weaknesses. But to pursue continuous improvement, such data should also be used to explore potential technical roadmaps and service enhancements that align with the risk profile of the client. If the service is aligned with the customer’s security strategy, it can help the business to reach its business goals.

MSSPs can demonstrate that they are adding value by expanding their reporting capabilities. If they capture not just the usual metrics and performance statistics but also analyse the health and performance of the technology as well as configuration change management, they can show how the service has directly led to an increase in security maturity, proving their worth. Plus, because a cost isn’t assigned to each change to the SLA, rolling improvements become part of service delivery. 

Those improvements go both ways; they make the client more secure, but also make it easier for the MSSP to oversee their security. But if the business does not improve its cyber maturity, its exposure to risk increases over time, making it more susceptible to attack and more difficult to protect.

Maturity and resilience

The 2025 Cyber Benchmark report, which measured security posture against the NIST Cybersecurity Framework v2.0 and ISO27001, found the average maturity level of large corporations (classed as turning over more than one billion euros in revenue annually) stood at 54%. That means that almost half of big business is not cyber ready. If those businesses are tied into contracts spanning years in which they are disincentivised to make changes to head off threats, they’re effectively becoming weakened over time. 

Ultimately, it’s in everyone’s interests to improve resilience. But current servicing models take the opposite tack because it’s seen as easier and more cost effective NOT to change the way things are done. It’s a commercial and a national necessity that those providing outsourced security services adopt a more agile approach. 

For SIs this presents a problem. They’re often too big and unwieldy to provide such flexibility. But MSSPs have the dexterity to be able to routinely review their service offerings and the vendors they work with, which means they can assess and deploy cutting edge technologies more easily and move with the market. The question is whether they realise they have the advantage or continue to skulk in the shadow of the SIs.

Dan Parton
Dan is editor of News in the Channel and Print in the Channel and has been with the magazines since their launch in 2022, with a journalism career spanning more than 20 years. He is passionate about bringing stories from the sector to a wider audience.
