Organisations trust their MSPs, yet routinely fail to ask them basic cyber security related questions. And admit to suffering unscheduled downtime as a result.
Kocho, a leading provider of managed services including managed IT support, has announced the results of an independent survey designed to assess the preparation and resilience of UK businesses’ digital supply chains.
In the event of a major cyber attack, virtually all of the respondents were either totally confident (71%) or moderately confident (29%) that their MSP could continue to deliver their services.
However, 97% of those surveyed confirmed that they had suffered unscheduled downtime in the previous year, with a whopping 88% of these incidents being connected to cyber-related activity.
Survey results reveals failure to ask tough questions
The research was conducted in October 2022 on behalf of Kocho by Vanson Bourne, an independent specialist in market research for the technology sector. Their reputation for robust and credible research-based analysis is founded upon rigorous research principles.
The online survey polled 200 senior business and technology professionals at mid-sized UK businesses, employing between 500 and 3,000 people.
These businesses hail from the worlds of finance, insurance, private healthcare, the legal sector, and manufacturing. All of them rely on MSPs to run at least some of their IT estate.
50.5% of those surveyed stated their operations would be severely impacted by a disruption to their MSP’s service, with 15% saying they would be left unable to operate at all.
Just over a quarter (25.5%) said that their ability to operate would be partially impacted by such a disruption.
When it came to selecting an MSP, 60% of respondents stated that cyber security was a top priority, while 34% said it was a key part of the decision-making.
Despite this, many organisations failed to ask fundamental security-related questions during the tender process.
When selecting an MSP, businesses don’t always ask enough tough questions. This could leave them vulnerable.
Director of Information Security
Not so essential? Cyber Essentials and GDPR gaps
Even though it’s a scheme backed by the UK government, only 40% checked/asked if their MSP was Cyber Essentials Accredited at the tender process.
The scheme is specifically designed to protect organisations against a range of threats, and yet, less than half of businesses surveyed thought it important enough to inquire about.
Shockingly, even fewer (38%) asked if their MSP was fully GDPR compliant. GDPR violations can cost a business up to £17.5 million (€20 million) or up to 4% of an organisation’s total global turnover of the preceding fiscal year, whichever is higher.
And, despite two-factor authentication being a cyber security must-have, only 36.5% of those surveyed stated that 2FA must be deployed.
Fewer still (34.5%) asked their MSP if an incident response policy was in place. With just over half (56%) of organisations thinking it important enough to do third-party audits to verify or test MSP defences.
“…At least some of this confidence might be misplaced.”
“On the whole, UK businesses are very trusting of their MSP’s abilities to withstand attacks and have considerable confidence in their digital supply chains.
“However, this research does also suggest that at least some of this confidence might be misplaced,” said Jacques Fourie, Director of Information Security, Kocho.
“When selecting an MSP, businesses don’t always ask enough tough questions; this could leave them vulnerable.
“Organisations may think that by passing the management of their IT to a third-party, they no longer need to worry about security, but that’s simply not the case – we can see from this research that any MSP outage could hit businesses hard.”
Download the full report below.
Grab your copy!
Security risks in the digital supply chain
Your MSP could represent a weak link in the security of your digital supply chain. Download our report and find out:
- Must-ask security questions for your MSP.
- The business risks of trusting your MSP too much.
- What security credentials your MSP must have.
Sign up for great content and exclusive invites
Subscribe to the Kocho mailing list if you want:
- Demos of the latest Microsoft tech
- Invites to exclusive events and webinars
- Resources that make your job easier
In this role as Director of Information Security, Jacques ensures our clients stay protected in an ever changing threat landscape. He works with our clients to understand their risk profiles and to deploy mitigation strategies using the latest technologies.
Latest business news and stories
We’re here to help you on your journey towards becoming greater.
Get in touch to find out how.