Strategic Considerations for Leading European MSSPs Addressing the SMB Segment

by Rajesh Muru, posted in Secure
R. Muru

Summary Bullets:

• With a market value of $20.32 billion in 2027, the SMB cybersecurity market in Western, Central, and Eastern Europe is worth pursuing, and businesses are underserved.

• Leading Western MSSPs will require investment to redefine their propositions for the SMB segment, utilizing a high-touch, asset-lite, automated proposition.

The Western, Central, and Eastern European SMB Segment is Worth Pursuing
According to GlobalData, total cybersecurity revenues for Western, Central, and Eastern Europe for the small and medium-sized business (SMB) segment (0-249 employees) will reach $20.32 billion in 2027 with a CAGR of 13.3%, whereas the large business segment (250+ employees) will generate $38.37 billion with a CAGR of 11.24%. At a high level, these revenue forecast projections are indicative of SMBs being an important segment for cybersecurity. Consequently, cybersecurity providers, including large tier one and two players as well as local smaller players, are all attempting to pursue opportunities in the SMB segment. However, the downside is that the SMB segment, like the corporate segment, has been suffering as a result of the global economic slowdown, resulting in tighter spending on enterprise ICT and IT. But there is some hope with incremental falling inflation in countries like the UK, influencing business confidence in 2024.

Leading MSSPs Need to Better Assess SMB Segment Needs
Managed security services (MSS) is a much needed offering to the SMB segment, where demand is driven by limited IT staff and resources. Varying by company size, managed security service provider (MSSP) services are mostly under a fully outsourced model, providing advanced threat detection, rapid incident response, 24/7 monitoring, and proactive security measures without the need for extensive internal resources. And specifically, the most common cybersecurity solutions in place currently entail firewall or email antivirus solutions, simple cloud security layers, compliance security policies, and security awareness training and education. Additionally, the lower down you go in company size (fewer than 50 employees), key off-the-shelf commercial software (through resellers) from vendors like Microsoft, Avast, Norton, and Kaspersky are prevalent, often delivered with service support under a basic outsourced model from resellers, a local small security provider, or systems integrator. The bigger the company (200+ employees), more established national players and tier one providers (through reseller distribution channels) come into play, but delivering a bundle of solutions encompassing software and outsourced cybersecurity services.

However, GlobalData’s interactions with the SMB segment highlights that there is still consensus among the SMB community in its cybersecurity needs not being met. And partly this is influenced by the fact that cybersecurity from a business-value perspective is difficult to measure; after all, it doesn’t really address a manual business process function within a company. And this mindset together with the sheer volume of attacks in industry that are well-documented now really concerns business owners and IT heads in the SMB segment.

MSSP Strategic Considerations for Success
Leading tier one MSSPs are at crossroads. On the one hand they have the capabilities to assist SMBs, but on the other are unable to compete with the local smaller providers that are offering cybersecurity services. Leading tier one MSSPs, if they are addressing the SMB segment, attempt to re-package/tailor their existing current proposition that they are delivering to the corporate segment. This results in a solution that is not only over-scaled for the SMB market but is also not aligned to SMB needs.

There are specific requirements that leading MSSPs should take into consideration when defining their cybersecurity roadmap for the SMB segment. At a high level, recommendations for success include:

  • Highly automated MSSP services: Security services being delivered will have to be highly automated, addressing provider internal OpEx, enabling them to differentiate on price and by making its MSS offering digitally integrated.
  • Single customer portal: Delivering solutions, business analytics and benchmarks, self-service functionality, education, and service support through a centralized highly automated customer portal.
  • Proactive reseller/partner channel: Self-service procurement should be balanced with delivering proactive reseller/partner relationships that provide in-person interfaces support to meet the growing needs of the SMB segment – providing tech support on future technology needs and best options for consideration.
  • Cross-selling solutions: Flexibility in bundling solutions that enables SMBs that often procure technologies together across variety of solution areas.

Leave a Reply