CyberSmart's 2026 MSP survey highlights third-party risk concerns

CyberSmart's latest findings reveal an increasing focus on third-party risk, with MSPs facing new challenges amid regulatory changes.

  • Thursday, 11th June 2026 Posted 2 weeks ago in by Katy Hill

Today, Cybersmart, a provider of cyber risk management for small businesses, revealed its third annual CyberSmart MSP Survey. This 2026 report zeroes in on the security stance of Managed Service Providers (MSPs) and their clients, reflecting the growing significance of third-party risk in today’s volatile cybersecurity landscape.

The survey's findings reveal that 43% of MSPs and their customers have experienced cyber incidents attributed to suppliers or third-party vendors in the past year. Conducted by OnePoll, the research surveyed 350 MSP leaders across the UK and Ireland, representing a broad spectrum of industries.

Cybersmart, a provider of cyber risk management services for small businesses, has published its third annual CyberSmart MSP Survey. The 2026 report focuses on the security position of Managed Service Providers (MSPs) and their clients, with attention to third-party risk in the current cybersecurity environment.

The survey reports that 43% of MSPs and their customers have experienced cyber incidents linked to suppliers or third-party vendors in the past year. The research was conducted by OnePoll and surveyed 350 MSP leaders across the UK and Ireland, covering a range of industries.

Supply chain breaches are reported as a recurring issue rather than isolated events. MSPs often have broad access to client systems, which can make them a target for attackers seeking access to multiple organisations through one entry point. The survey found that 55% of MSPs have been involved in supply chain incidents, either directly or indirectly. At the same time, 55% of MSPs do not carry out continuous monitoring of supply chain risk, with 37% assessing risk quarterly and 11% annually.

Key challenges identified by MSPs in managing supply chain risk include:

  • Managing and enforcing security requirements in contracts (39%)
  • Third-party risk assessment and monitoring (37%)
  • The cost of securing and supervising the supply chain (36%)

The Cyber Security and Resilience Bill (CSRB) introduced in November 2025 places MSPs under formal cyber security regulation. The legislation requires stricter security measures and more detailed incident reporting, with a focus on managing systemic supply chain risk and the role of MSPs in wider cyber resilience.

Among survey respondents, 96% said they feel at least somewhat prepared for the CSRB, and 45% said they are fully prepared. Respondents also indicated that software alone is not sufficient to address readiness requirements, and highlighted the importance of skills, clearer customer expectations, and defined responsibilities for liability.

The CSRB is also associated with increased liability for MSPs, which 42% of MSP leaders identified as a concern. They cited issues related to unclear accountability and a need for clearer guidance on how risk and responsibility are shared.

Overall, 77% of respondents said they believe the CSRB adequately addresses the protection needs of organisations within supply chains. When asked about additional measures, responses included requests for clearer guidance, protections around shared liability, tailored frameworks for MSPs, and security certifications for client-facing services.


Toby Weiss steps in as CEO of Securonix, aiming to enhance security operations amid evolving threats.
Exploring the shortcomings in AI governance and the potential avenues for managed service providers to bridge the gap between confidence and control.
AI adoption in workplaces is accelerating but employees lag in readiness, revealing a pressing need for strategic skill development.
Westcon-Comstor appoints Olya Scekaturova to lead sales growth across UK and Ireland.
Cynomi’s “What MSPs Are Actually Asking About AI” report reveals the real questions shaping the managed services landscape, from data security...

NAKIVO partners with ICOS for Italian market expansion

Posted 10 hours ago by Sophie Milburn
NAKIVO teams up with ICOS to distribute its data protection solutions across Italy, aiming to tap into the region's dynamic SMB and mid-market...

Cyber attacks surge in UK healthcare sector

Posted 1 day ago by Sophie Milburn
SonicWall reports a rise in cyber attacks against the UK healthcare sector, with a focus on dated vulnerabilities and new technological risks.
As cyber threats escalate, SEP2's approach aims to offer a specialist partnership to strengthen organisations across regulated sectors with Check...