Many businesses are reporting that they are feeling pressured by their MSP (Managed Service Provider) to purchase additional cyber security products and services. According to a recent study by the Ponemon Institute, 58% of businesses share this concern.
Additionally, these recommendations often come with little consultation or explanation, adding further pressure.
Business leaders are not wrong for sometimes doubting the recommendations put in front of them. With the cyber security industry projected to reach $4.3 billion AUD by 2026, there is no shortage of ambulance chasers looking to make quick sales.
For some businesses, cyber security products & services can appear to be just as much of a scam as those they are trying to protect themselves from.
So how do you determine what cyber security products you actually need for your business?
In this post, we will talk about the challenges of knowing the difference between the scams and the essentials.
The first roadblock business leaders face is their relatively low understanding of cyber security and its impacts on business.
A survey by Trustwave found that 28% of businesses were unsure about the effectiveness of additional security services suggested by their MSP.
Do you believe that investing in cyber security is worth the money?
Two major factors lead people to answer no.
A staggering 87% of SMBs believe they are immune to cyber threats. In reality, no SMB is immune and very few are even adequately protected from threats.
Even when SMBs adequately assess their level of risk, a challenge emerges in actually understanding what to do about it.
In the absence of understanding, trust is critical. How can you ensure that your MSP is trustworthy?
Businesses should be careful in trusting MSPs when their recommendations can be easily swayed by confirmation bias and the commercial opportunity in front of them.
Do you trust your MSP?
These things might make you second-guess your current level of trust:
Ultimately, you need to have a level of trust with your MSP. However, it is important to regulate that trust by understanding what biases or incentives may be influencing their advice. Blind trust is never a good thing; you should be in a position to have clarity regarding your spending decisions.
A lack of technical knowledge should not preclude you from having certainty around cyber security products & services. In fact, in many ways, it should be a positive.
There are things you should know before investing in cyber security. Commercial requirements should dictate security requirements.
Cyber security exists to serve the business, not the other way around. Likewise, security advice should not be based on what other businesses are doing, but on what you need.
Your MSP should be able to advise how your current setup performs against your expectations and recommend how to bridge any gap between them. Tying each decision to a 'plain-English' business objective should make decisions easier.
Some items to consider:
Undoubtedly, you should have the level of certainty where you could answer these types of questions in front of a board on short notice. If this is not the case, what are you really getting for your money?
Given the constant changes and evolution in cyber security, listing today's essentials would quickly become outdated. However, the longstanding advice is that you can differentiate between the scams and the essentials.
In summary, the validity of offerings can be evaluated by answering a few simple questions:
Feeling a little scammed by your managed service provider? Book a chat with us if you want to learn more about how you can address cyber security with trust, certainty & understanding.