With attack after attack hitting businesses of every size and industry over the past year, the opportunity for managed service providers (MSPs) to offer cybersecurity services to their customers is greater than ever. In fact, research firm MarketsandMarkets estimates that the market for managed security services will nearly double over the next five years, from $22.8 billion in 2021 to $43.7 billion in 2026.
With that growth in mind, many MSPs are asking: How should we invest to make the most of this opportunity and provide our customers with the services they need? There is a range of different options, but one thing that many MSPs consider is launching a full security operations center (SOC) to update their capabilities.
A SOC is a centralized part of the organization that includes people and technology to constantly monitor for signs of a potential attack, as well as respond to any cybersecurity incidents discovered. It typically centers around a security information and event management (SIEM) solution, which helps ingest data from across the organization, as well as teams available around the clock to monitor, analyze and respond.
There are many factors to consider if an MSP is thinking that launching a SOC might be a logical next step for their clients. Perhaps the most significant thing to consider is the cost. While a SOC and its associated security services promise new streams of revenue to an MSP, launching a SOC can be incredibly expensive. Among other things, it requires multiple employees working in shifts 24/7, as well as advanced security technologies. Some estimates put the cost of launching and operating a SOC at around $1 million a year.
Additionally, one of the biggest challenges for an MSP — or any organization — looking to launch a SOC is the difficulty in finding available security talent. There’s a massive skills-gap challenge in cybersecurity, with an estimated 2.7 million unfilled positions, according to (ISC)²’s annual Cyber Workforce Study. A SOC requires an average of 10-12 employees at a minimum to allow for multiple shifts and for full coverage. These employees likely need to possess advanced cybersecurity skills, with the team including the role of a chief information security officer.
Finally, launching a SOC requires new risk calculations for an MSP. Regular security services and offerings, such as endpoint or ransomware recovery, only require an MSP to assume a medium level of risk with their clients. Adding a SOC to the product offerings puts an MSP at a higher risk, holding them nearly fully accountable for managing the cybersecurity threat to their clients and therefore increasing their liability during an attack.
Good news! There are alternatives for MSPs that are interested in offering SOC services but don’t want to shoulder the associated costs or risks. For instance, there are a growing number of SOC-as-a-service offerings that allow an MSP to offer SOC to their customers. Additionally, MSPs could also consider partnering with security-focused MSPs or other similar providers to offer these services.
No matter what course of action an MSP decides is best for their business, what remains clear is that the cybersecurity challenge is not going away anytime soon. Attacks continue to escalate and MSPs will want to make sure they act as a trusted advisor to their clients by offering the necessary support and services to ensure they remain protected. In doing that, they can not only secure more potential revenue, but also help their clients limit risk as much as possible.