In the highly competitive world of managed service providers (MSPs), business leaders make tough decisions on how to balance costs and revenues to maximise profits without decreasing quality. In such a world, a low-cost security service seems like a gift from heaven which businesses ought to accept to cut their costs.
But there are certain hidden costs of doing business in areas where such trade-offs between price and quality can become harmful. And cybersecurity is one of those areas.
Participating at the Kaseya DattoCon Europe 2024 conference focusing on MSPs, I had a chance to speak with several MSP representatives on this topic. Time and time again, I heard from them that their budgets were so tight that they opted for a cheaper solution despite the risks of being breached during more elaborate cyberattacks. A penny saved is a penny earned, right?
Well, let me show you why this is not a good idea.
What are your chances
It is true that free antivirus solutions can deflect some simple attacks, but unfortunately, the days when simple viruses were among the few threats to businesses are long gone. While some threat actors are status driven, most remain driven by financial gain (93% of all attacks), and money is the all-powerful motivator for improving their tools and techniques.
This is the reason 66% of organisations worldwide fell victim to ransomware attacks between March 2022 and March 2023, according to a survey published by Statista among cybersecurity leaders at global organisations.
Another more advanced threat causing headaches for business owners all around the world is the exploitation of software vulnerabilities. Currently, MITRE ATT&CK’s List of Common Vulnerabilities and Exposures (CVE) has documented more than 237,000 of them.
A 2024 Ponemon Institute report found that only 38% of respondents are confident that their organisations are effective at detecting and responding to an exploit of a known vulnerability. Almost half of respondents (47%) said it takes at least a month to more than six months for their organisations to respond to a critical software vulnerability.
Due to the manner of their business, MSPs should be also concern themselves with cloud attacks. In 2022, nearly 50 percent of respondents globally stated that their company confronted unplanned expenses in order to fix security gaps due to cloud attacks, and 15 percent of respondents registered a decrease in new sales.
So, if you think that your clientele encountering more advanced cyberattacks is just a “theoretical threat” and “something like that can’t happen to them on my watch,” think again.
Possible loses
Now, let’s take a look at the financial aspects of deploying a high-quality cybersecurity solution. Something I heard particularly from smaller and medium-sized MSPs trying to make every penny count was that they aim to save as much money as possible.
However, my response was that by investing a few thousand euros more now, they could save hundreds of thousands of euros in the long run.
To drive this point home, the costs of a breach are not small. IBM Security studied 553 organisations impacted by data breaches that occurred between March 2022 and March 2023, and found that the average total cost of a data breach reached $4.45 million in 2023.
Only a third of companies discovered the data breach by themselves, which really highlights the importance of high-quality support, particularly threat detection—especially considering that the costs were nearly $1 million higher in cases where attackers disclosed a breach.
At ESET we believe in a prevention-first approach, which means mitigating a threat before it can do any harm. Catching malware activity within business systems is nice, but it often also means that the malware has already caused complications, such as business disruptions and revenue losses from system downtime, lost customers, and reputation damage. In the aforementioned IBM study, these additional costs reached an average of $1.3 million.
In the U.S. alone, the cost of cybercrime in general reached $320 billion in 2023 and is projected to reach $1.82 trillion by 2028.
These worrying trends expose the claim that smaller businesses are not interesting for cybercriminals as a myth. Quite the opposite, threat actors are well aware of smaller and medium-sized businesses’ (SMBs) weaknesses. This year, 56% of SMBs have already faced at least one cyberattack and 78% are concerned that a severe cyberattack could drive them out of business.
There is a price for deploying a lower-quality product and you probably don’t want to pay it.
Deploying high-end technology is not window dressing
At present, many MSPs are given solutions for free, which keeps them in vendors’ ecosystems. But they pay a price in terms of poor operability and performance. For example, representatives at some bigger MSPs I spoke with said that they weren’t happy with the quality of the telemetry they could gather from clients’ endpoints.
On the other hand, ESET products were praised for their automation and seamless operation without disruptions. Our protection for businesses, ESET PROTECT, enables operating on a single unified cybersecurity platform, which makes the lives of MSP admins easier. “It simply works,” I heard from our customers, which is feedback we have been receiving since we launched our MSP program in 2013.
“We’ve picked up customers of all shapes and sizes over the last 20 years. But from an antivirus and endpoint security point of view, once we’d settled on ESET, the products evolved as we have. The relationships we’ve been able to garner and build with the Support Teams, the Sales Teams, the PreSales Executives, with everybody at ESET are long-standing,” said Andrew Owens, Head of Sales, Risc IT Solutions.
Check out how the ESET MSP Program elevates Risc IT Solutions’ business growth here:
And there is another aspect of investing in a high-quality security solution – vendors’ experiences and reliability. For example, ESET is a global leader in digital security with more than 30 years of experience, having more than 1 billion protected internet users, 13 global Research & Development (R&D) centres, and more than 600 R&D experts. The quality of our protection has been repeatedly acknowledged in numerous comparatives over the years.
What about the reliability of cheap or free products? Let’s put it this way: there is a reason many of them don’t appear among the recognised comparative tests and analyses.
Benefits of ESET MSP program:
Leading cybersecurity technology –ESET PROTECT offers multilayered security technology combining machine learning, AI, a cloud reputation system, and human expertise. With ESET PROTECT, MSPs can offer flexible subscription solutions, providing security for all major platforms.
Multiple capabilities in one package – Decrease the attack surface with modern endpoint protection, server protection, threat hunting, mobile threat defence, cloud app protection, Vulnerability & Patch Management, and much more.
Flexibility – With daily billing and monthly invoicing, customers pay for what they really use: no flat rates, with no long-term commitment. Flexible management allows users to upgrade subscriptions and adjust seat counts on their own.
Unified ecosystem – With ESET’s cloud-first ESET PROTECT Platform, users have a complete overview of all their clients from a single pane of glass, allowing them to see and manage clients in one place.
Automation – ESET PROTECT automation features, such as Dynamic Groups, were designed to save IT admins time and help them avoid portal fatigue.
Integrations – ESET actively cooperates with the major RMM and PSA players to create best-of-breed, in-depth integrations.
As you can see, this is not just a simple protection of businesses’ endpoints against simple viruses but a robust solution covering a huge threat landscape. And all of these are offered for a fair price. If you are not sure about the ESET MSP program value, just check the prices for all these capabilities on the cybersecurity market when offered as standalone products.
You have only one reputation
A vision of having a free cybersecurity solution that covers all business needs while saving some money may be intriguing but is far from reality. While cyberthreats are becoming more sophisticated, IT processes are getting more complicated, and a proper cybersecurity solution should address both problems at once.
Failing to do so leads to business losses, disruptions, and losing clients. Remember, you have only one reputation, which is worth more than savings on a cybersecurity product.
Discussion about this post