In the highly competitive world of managed service providers (MSPs), business leaders make tough decisions on balancing costs and revenues to maximise profits without decreasing quality. In such circumstances, a low-cost security service seems like a gift from heaven, one which businesses ought to accept to cut their costs.
But there are hidden costs of doing business in areas where such trade-offs between price and quality can become harmful. And cybersecurity is one of those.
Participating at the Kaseya DattoCon Europe 2024 conference focusing on MSPs, I had a chance to speak with several representatives on this topic. Time and time again, I heard from them that their budgets were so tight that they opted for a cheaper solution despite the risk of being breached during more elaborate cyberattacks. A penny saved is a penny earned, right?
Well, let me show you why this is not a good idea.
What are your chances?
It is true that free antivirus solutions can deflect simple attacks, but unfortunately, the days when simple viruses were among the few threats to businesses are long gone. While some threat actors are status driven, most remain driven by financial gain (93% of all attacks), and money is the all-powerful motivator for improving their tools and techniques.
This is the reason 66% of organisations worldwide fell victim to ransomware attacks between March 2022 and March 2023, according to a survey conducted by Statista among cybersecurity leaders at global organisations.
Another more advanced threat causing headaches for business owners all around the world is the exploitation of software vulnerabilities. Currently, MITRE ATT&CK’s List of Common Vulnerabilities and Exposures (CVE) has documented more than 237,000 of them.
A 2024 Ponemon Institute report found that only 38% of respondents are confident that their organisations are effective at detecting and responding to an exploit of a known vulnerability. Almost half of respondents (47%) said it takes at least a month to more than six months for their organisations to respond to a critical software vulnerability.
Due to the manner of their business, MSPs should be also concern themselves with cloud attacks. In 2022, nearly 50 percent of respondents globally stated that their company confronted unplanned expenses in order to fix security gaps due to cloud attacks, and 15 percent of respondents registered a decrease in new sales.
So, if you think that your clientele encountering more advanced cyberattacks is just a “theoretical threat”, and “something like that can’t happen to them on my watch,” then think again.
Possible losses
Now, let’s take a look at the financial aspects of deploying a high-quality cybersecurity solution. Now, something I heard particularly from smaller and medium-sized MSPs trying to make every penny count was that they aim to save as much money as possible.
However, my response was that by investing a few thousand pounds more now, they could save hundreds of thousands of pounds in the long run.
To drive this point home, the costs of a breach are not small. IBM Security studied 553 organisations impacted by data breaches between March 2022 and March 2023, and found that the average total cost of a data breach reached $4.45 million in 2023.
Only a third of companies discovered the data breach by themselves, which really highlights the importance of high-quality support, particularly threat detection—especially considering that the costs were nearly $1 million higher in cases where attackers disclosed a breach.
At ESET we believe in a prevention-first approach, which means mitigating threats before they can do any harm. Catching malware activity within business systems is nice, but often it also means that the malware has already caused complications, such as business disruptions and revenue losses from system downtime, lost customers, and reputational damage. In the aforementioned IBM study, these additional costs reached an average of $1.3 million.
In the U.S. alone, the cost of cybercrime in general reached $320 billion in 2023 and is projected to reach $1.82 trillion by 2028.
These worrying trends expose the claim that smaller businesses are not interesting for cybercriminals as a myth. Quite the opposite, threat actors are well aware of smaller and medium-sized businesses’ (SMBs) weaknesses. This year, 56% of SMBs have already faced at least one cyberattack and 78% are concerned that a severe cyberattack could drive them out of business.
There is a price for deploying a lower-quality product and you probably don’t want to pay it.
Deploying high-end technology is not window dressing
At present, many MSPs are given solutions for free, which keeps them in vendors’ ecosystems. But ultimately, they pay a price in terms of poor operability and performance. For example, representatives at some larger MSPs I spoke with said that they weren’t happy with the quality of the telemetry they could gather from clients’ endpoints.
On the other hand, ESET products were praised for their automation and seamless operation without disruptions. Our protection for businesses, ESET PROTECT, enables operating on a single unified cybersecurity platform, which makes the lives of MSP admins easier. “It simply works,” I heard from our customers, which is feedback we’ve been receiving since we launched our MSP program in 2013.
“We’ve picked up customers of all shapes and sizes over the last 20 years. But from an antivirus and endpoint security point of view, once we’d settled on ESET, the products evolved as we have. The relationships we’ve been able to garner and build with the Support Teams, the Sales Teams, the Presales Executives, with everybody at ESET are long-standing,” said Andrew Owens, Head of Sales, Risc IT Solutions.
And there is another aspect of investing in a high-quality security solution – vendors’ experiences and reliability. For example, ESET is a global leader in digital security with more than 30 years of experience, having more than 1 billion protected internet users, 12 global Research & Development (R&D) centres, and more than 600 R&D experts. The quality of our protection has been repeatedly acknowledged in numerous comparatives over the years.
What about the reliability of cheap or free products? Let’s put it this way: there is a reason many of them don’t appear in leading comparative tests and analyses.
Benefits of ESET MSP program:
Leading cybersecurity technology – ESET PROTECT offers multilayered security technology combining machine learning, AI, a cloud reputation system, and human expertise. With ESET PROTECT, MSPs can offer flexible subscription solutions, providing security for all major platforms.
Multiple capabilities in one package – Decrease the attack surface with modern endpoint protection, server protection, threat hunting, mobile threat defence, cloud app protection, Vulnerability & Patch Management, and much more.
Flexibility – With daily billing and monthly invoicing, customers pay for what they really use: no flat rates, with no long-term commitment. Flexible management allows users to upgrade subscriptions and adjust seat counts on their own.
Unified ecosystem – With ESET’s cloud-first ESET PROTECT Platform, users have a complete overview of all their clients from a single pane of glass, allowing them to see and manage clients in one place.
Automation – ESET PROTECT automation features, such as Dynamic Groups, were designed to save IT admins time and help them avoid portal fatigue.
Integrations – ESET actively cooperates with the major RMM and PSA players to create best-of-breed, in-depth integrations.
As you can see, this is not just a simple protection of businesses’ endpoints against simple viruses but a robust solution covering a huge threat landscape. And all of these are offered for a fair price. If you are not sure about the ESET MSP program value, just check the prices for all these capabilities on the cybersecurity market when offered as standalone products.
You have only one reputation
The vision of having a free cybersecurity solution that covers all business needs while saving money may be intriguing but is far from reality. What’s real is that cyberthreats are becoming more sophisticated, IT processes are getting more complicated, and a proper cybersecurity solution should address both problems at once.
Failing to do so leads to business losses, disruptions, and losing clients. Remember, you have only one reputation, which is worth more than savings on a cybersecurity product.