MSPs face considerable hurdles when a client experiences a data breach. 97% of MSPs experience churn after a client ransomware incident.

Will Your Business Survive a Client Breach? Your Client’s May Not.

When a client’s business suffers from a ransomware attack on their MSP’s watch, they may not survive.

Small and medium-sized businesses (SMBs) are twice as likely to be infected with malware as larger businesses.

As a result, MSPs must expand their thinking about cybersecurity to go beyond anti-malware and preventative measures. After all, the frequency and intensity of recent ransomware attacks indicate that an attack will occur. 56% of MSPs report attacks against clients. 15% of MSPs report multiple ransomware attacks in a single day.

When an attack does occur, SMBs often don’t recover. 60% of SMBs don’t recover after a cyber attack.

Let’s be honest: MSPs are often SMBs. 80% of MSPs agree that their businesses are increasingly targeted by ransomware attacks.

When a client suffers, the MSP suffers too. They don’t need to be directly impacted by the attack; when a client churns, that can also cause business failure.

MSPs Face Considerable Hurdles: An Erosion of Trust

57% of MSPs reported churn in the 11-20% range after a ransomware event.

However, MSPs anticipated far less churn. The following image contrasts expectation vs reality. There is a significant gap that indicates MSPs are learning how to manage client trust after a ransomware event.

[Image: MSP Ransomware Risk]

Some SMBs may feel compelled to find a new service provider to signal that they are taking action to secure their business. Others may seek a service provider who can prove that their breach detection tactics are verifiable, and acceptable to an insurer.

It all comes down to trust: if the SMB doesn’t trust that the MSP has their back – all bets are off.

The Hurdles

A blast radius is the distance from a detonation that will be affected when an explosion occurs.

When one MSP client is attacked, every downstream endpoint is impacted. Yet, so too is the MSP. The blast radius goes far beyond the initial target.

We’ve identified four hurdles MSPs face when a client’s data is breached. These hurdles indicate the magnitude of a cyber attack, for both the MSP and their clients.

[Image: MSP Client Churn post breach]

Hurdle 1: Cost of Recovery

Client downtime and churn are directly related.

When a client experiences downtime, it’s not a matter of hours. Typically, it’s a matter of days and weeks. 52% of MSPs indicated their clients experienced 3 – 6 days of business interruption after a ransomware attack, while 30% experienced 7 – 14 days of downtime. Canadian MSPs report the highest average cost of downtime: $180,000.

$180,000 in unanticipated costs represents a significant threat to the survival of most SMBs. If they can recover from this level of expense, they are likely to find a new, more reliable service provider.

With this in mind, the cost of recovery doesn’t just impact a breached client. It also impacts the MSP, who is likely to lose business after their client experiences a breach.

Hurdle 2: Liability

Who is responsible when a client is attacked while under contract with an MSP?

In the case that a client is attacked because a piece of software provided by the MSP wasn’t updated or a bug went unpatched, the MSP may be responsible. This depends entirely on the terms of service signed when the client and the MSP inked a deal.

Clear communication of terms of service can cover any questions about liability.

Hurdle 3: Insurance

Cyber insurance plays an important role in any IT-driven business.

On the client-side, cyber liability insurance plays a vital role in survival. This can help the client cover expenses related to downtime and business recovery. This coverage protects the client from data breaches and data losses for which the MSP is not at fault.

For the MSP, professional liability insurance is critical when a client experiences an attack on your watch, specifically if the client believes negligence played a role in the breach.

However, 35% of MSPs indicated they had no liability insurance when their client experienced a breach. This means that should a client be impacted, the MSP may fail – leaving all their clients without service.

Liability insurance is key to survival, despite the cost or complexity.

[Image: MSP Hurdles After Client Breach]

Hurdle 4: Staffing

MSP staffing is a common choke point in detection and recovery from a ransomware attack.

Most MSPs operate with careful margins and carefully placed staff. When a disaster strikes, that means there may not be sufficient person-hours and resources to go around. The added responsibility of recovering from an attack can incur costs that disable a small MSP.

65.2% of MSPs indicated they employed too few people to adequately respond to an attack, and they required support from another service (incurring an unexpected cost) or were forced to allocate resources in a way that gave preferential treatment to some clients over others (incurring the wrath of an angry client base).

When possible, the best method to avoid staffing issues is to partner with a trusted resource for specialty services, like cybersecurity.

MSPs = CIOs for Small Businesses

MSPs play a vital role within SMBs. They are constantly at the frontline of detection and reaction to cyber-attacks.

To protect their clients from threats, minimize the impact of attacks, and reduce downtime, MSPs require a new approach to security. That includes preparing for the unexpected.

Verifiable Security MSPs and their Clients can Trust

MSP clients deserve the same security as organizations with big budgets and security operations teams. A smaller budget shouldn’t mean a less secure environment.

We offer the team. We offer the expertise. With the support of CYDEF’s experts, an MSP can reduce churn by providing verifiable data on what happened on a network, and when.

CYDEF offers Endpoint Detection and Response solutions that enhance our partners’ approach to breach detection. With services that detect, analyze and respond to security breaches, CYDEF removes the burden of managing platforms or developing cybersecurity expertise. You outsource your clients’ cybersecurity concerns to our tenured team. Visit our site to learn more about how SMART-Monitor can reduce your client churn and increase satisfaction.