Which Major Forces Will Disrupt the MSP Market in 2019?

| By: Geoffrey Willison

This year has already brought a lot of channel activity; whether through mergers and acquisitions—for both vendors and service providers—the naming of new CEOs and executives, or things to look out for in 2019. But which of the major trends in the market are actually worth watching?

To answer this question and more, I sat down with Continuum CEO Michael George. Recently, Michael shared his predictions for the managed services industry, alluding to three major forces that will disrupt the market. Keep reading for a deeper dive into these three forces, including exclusive insight from Michael on how to align your MSP business for success in 2019.

1. The MSP Market is Going to Be Dominated by the Top 20 Percent

The Pareto Principle suggests that 80 percent of the wealth is dominated by 20 percent of the market, and a combination of market forces has created the perfect storm for this to emerge in the managed services marketplace. By 2020, just 8,000 out of 40,000 MSPs in the United States will dominate most of the available revenue. The first of these market forces is a reduction in the workforce of up to 40 percent due to retirement, as predicted by CompTIA, which could leave many providers without successors to lead the businesses and hamper growth.

Second is the trend of mass market expansion through merger and acquisition, now that private equity firms and major office equipment dealers have realized the opportunity that awaits them by investing in or acquiring managed services businesses. That is likely to result in increasingly challenging environments for smaller players unable to seek an exit as their competition grows larger and stronger.

What steps can IT providers take to ensure that they’re part of this top 20 percent?

“Some MSP businesses exist where they’re $1 million today, they were $1 million 5 years ago, and will probably be $1 million 5 years from now” explains Michael. “If they’ve plateaued and aren’t seeing substantial growth, they’ll be part of that 80 percent of the market that’s fighting over 20 percent of its revenue. While we started to see this unfold in 2018, this year will be a foundational year for what I call the ‘slope of separation’ to start taking place. To make the top 20 percent, MSPs are going to have to get themselves configured and aligned toward this new world that were in—and the new world we’re in is one that has three core elements:

  1. A reduction in dependency on local labor: this doesn't mean MSPs will employ fewer people, but that there will be a shift in the dynamics of their organization from low-level technical work to higher technical skills and sales people.
  2. Maintaining a broad enough portfolio of offering to meet the need of the typical SMB customer
  3. Using security in a very proactive, pre-emptive, and much more holistic way.”
2. Every Business Will Be No More Than Two Degrees of Separation from a Major Cyber Attack

Sixty-one percent of small and medium businesses are now being hit by cyber attacks every year, and the average cost of a cyberattack has increased to $2.2 million, making it extremely difficult for businesses to recover. The sheer volume of cyber threats that SMBs are experiencing has caused a substantial shift in their risk of being attacked—from minimal to material—meaning that no business is now more than two degrees of separation from a business that has been attacked. What’s more, the risk and potential damages associated with these attacks is also increasing—making it extremely difficult for SMBs to protect themselves.

The threat has moved from our news headlines into our business circles, prompting cybercrime to become ever-present in the minds of business owners. Practically every business owner has heard of colleagues and competitors being hit by ransomware and phishing attacks, putting their businesses at risk of annihilation.

What kind of pressure does this put on MSPs, when clients are asking the “how are you making sure this doesn’t happen to my business?” How can they get to a place where they can answer that question confidently?

“Only when they confidently have a solution that bears the resemblance of their answer, and their answer has to include security," says Michael. "But the issue of security is that it cuts into two dimensions in how it affects a business that are very different than traditional IT services.

The first is an issue of time. When you have a problem, it’s binary—you either have it or you don’t. When you do have a problem, you could lose access to an application, you could have some degradation in performance, etc. But then time stands still; you can just go and fix it. Security, however, has a different dimension of time. Cyber attacks are engineered to propagate, and therefore time is your enemy. So, the ability to detect as immediately as possible and then to take action as immediately as possible is critical. But this is not a dimension of time that MSPs are accustomed to; they’ve never had to race against the clock in real time. Cybercrime doesn’t go home at 5 at night and show up again at 9 in the morning—this is a persistent, 24x7 threat, but it’s also a threat that MSPs aren’t properly organized around.

The second is that unlike every other component of IT, cybersecurity is existential. If service providers don’t solve this—and solve it quickly—it could mean the end of their business.

Security is bringing these two new pressures into the equation that no IT services organization has had to deal with before. Yet these are the key elements to solve for in order to plausibly declare that customers are covered.

MSPs need to have the ability to immediately detect and respond to a threat, while also having an integrated backup and disaster recovery solution because you could go to a customer and say, ‘I can thwart 99 percent of the problems, but 1 percent is bound to get through, and when it does, I have you covered with backup.’ MSPs need to account for that dimension of immediacy to be effective, and if they have that coupled with backup, they have a solid security solution.”

3. Security Will Emerge as the Disruptive Force That Cloud Never Was

As the dust settled from the cloud revolution, our industry has emerged stronger, because the technology made it easier to run our businesses. Security will not be as kind.

It will be harder to protect clients from the escalating threats, because cybercriminals are hitting them with greater force and smarter attacks. It will be harder to discuss what clients are secured against, because outdated promises of antivirus and firewalls are causing them to operate under the assumption that they are protected against much more.

It will be harder to keep up with enterprise-grade security solutions, because MSPs simply cannot afford to hire and retain the teams of seasoned security professionals for which they are built.

And, it will be hardest of all for businesses to admit to end-clients that they’ve successfully been attacked, because their MSP failed to protect them.

You’ve mentioned 2018 being the year the first domino has dropped in regards to cyber security. How do you see those dominoes continue to fall and disrupt this market in 2019 and beyond? “All markets go through evolutionary stages; it starts from slow-paced progress and then all of a sudden, it reaches a tipping point in its maturity. The IT services market is at the precipice of its tipping point, and we’ll see security having that domino effect this year and in the years to come," describes Michael.

"I think we’ll see this primarily in the five key verticals—those being healthcare, financial, legal, construction, and non-profit. Because of the decreasing degrees of separation from an attack and businesses getting hit at a much higher rate, I predict that of the five high-value vertical industries, 48 percent will have some successful infiltration of a cyber attack in the next twelve months.

Security is going to be a completely disruptive force for MSPs in the industry—it’s the plutonium-grade electron that has entered this field—and it’s worth paying attention to and planning for in order to be on the right side of the 80/20 equation.”