Digital Newsletter
Each week our editor Phil Alsop rounds up the most popular articles, videos and expert opinions. We compile this into a Digital Newsletter and send it straight to your inbox every week.
Digital Magazines
We'll let you know each time a new edition of MSP Channel Insights is released so that you're always kept up-to-date with the latest and greatest news and press releases.
Video Magazines
The MSP Channel Insights Video magazine contains the latest Zoom interviews with experts in the industry.
Over a third of respondents (35%) cited AI-related threats as their top concern, outranking malware (25%), scams and other fraud (25%), phishing (25%), and ransomware (23%).
Other threats outside the top five, such as insider threat, zero-day vulnerabilities, and denial-of-service attacks, still present a significant danger. These rankings raise the question of whether continued AI-related hype has led respondents to overstate the technology's impact on the cyber threat landscape, potentially leaving them exposed to other risks.
“SMEs should definitely be concerned about AI-generated cyber-attacks, but that concern needs to be proportionate. For now, AI is an enabler for existing threats rather than a facilitator of new kinds of attacks. So, it’s important to keep focused on those familiar cybercriminal tactics and not lower your guard. Take phishing, for example: AI could be deployed to create highly personalised spear-phishing emails—dramatically speeding up attack rates and volumes. These attacks are likely to be far more effective and sophisticated and, therefore, a much bigger risk” comments Vince DeLuca, Chief Executive Officer at Six Degrees.
He continues: “However, that doesn’t mean lower-ranking threats are less dangerous. The real danger is a lack of in-house skills and resources within SMEs to address all current cyber security threats and spot new attack variants in the future. Respondents allude to this, citing the departure of in-house cyber experts and an inability to hire in-house security experts as two of their biggest cyber security frustrations during 2024.”
The research suggests that SMEs are acutely aware of these issues and are taking steps to address them—often recruiting third-party assistance in the form of managed cyber security solutions. This approach appears to be paying off: almost a third of those who stated they had significantly improved their cyber security posture also reported increased adoption of cyber security tools and solutions, while 20% also reported transitioning to hybrid or multi-cloud environments.
Can AI help IT teams fight cybercriminals, too?
Despite the advantages that AI can create for cybercriminals, respondents overwhelmingly think IT teams will benefit more from AI during 2025 (IT teams, 44% vs cybercriminals, 15%)—and 21% think it has already improved their cyber security.
Vince DeLuca believes that respondents are correct: “It’s still quicker and easier for security teams with the right tooling and expertise to analyse system vulnerabilities than for bad actors to identify them from scratch” he explains. “So, on balance, I think security teams have the advantage, at least at this point—and it’s one they must exploit right now.”
Do reported cyber security improvements stand up to scrutiny?
Almost 90% of SMEs believe their cyber security posture has improved in relation to the evolving risk landscape. But it’s worth sounding a note of caution. Buying a cyber security tool or service does not guarantee improvements to cyber security posture. It’s the beginning of a long journey, not the final destination. With that in mind, SMEs need to take the necessary steps to see if their improvements stand up to scrutiny. That might involve regular security assessments, frequent red teaming exercises, and a robust schedule of penetration testing.
“These solutions require the backing of an actively engaged IT or cyber security team to ensure they are utilised to their full potential. The cyber security tool or service purchase—and its ongoing management—has to form part of a broader strategy that informs business change in every single context. If you don’t re-engineer your organisation to be secure, no amount of tooling will fix it” comments Vince DeLuca.
He concludes: “This is a big ask for IT and cyber security professionals within SMEs, especially as our data suggests they are working hard to protect their organisations from increased cybercriminal activity against a backdrop of skills and resource shortages. This is why many of them seek additional help through third-party support and through the adoption of managed cyber security services—as well as the stronger security baseline afforded by public and hybrid cloud environments.”
