At MSP GLOBAL, cybersecurity remains one of the hottest—and most urgent—topics on the agenda. Email remains the number one attack vector, but the threat landscape is shifting fast.
To help MSPs navigate this complexity, we sat down with Demi Clinch, Head of Sales at UK-based cybersecurity provider CyberSentry, who works closely with MSPs and IT consultants. She brings us some practical advice on how service providers and VARs can strengthen their offerings, protect their customers, and unlock new revenue streams.
[No time to read? Watch this 45-second video for a top tip on a cyber product that gives instant income and 70%+ retention…]
Everyone talks about phishing, but are the threats evolving?
Absolutely. Email is still the number one threat vector, and around 85% of cyberattacks come from phishing emails. But we’re seeing attackers move into more sophisticated impersonation attacks. These attackers then often sit in the background for weeks or months, gathering intelligence before striking. That’s why MSPs need to be more proactive in their defense.
So what does a stronger defensive posture look like for MSPs and their customers?
It’s all about a multi-layered approach. Yes, businesses may already have email filtering or dark web monitoring, but those tools alone aren’t enough. You need to layer security on top of security. Microsoft 365, for example, is the world’s biggest target for attackers, simply because 85% of businesses use it. So the question is: are you protecting just Microsoft, or are you also securing the lateral threats that come in from other directions? A holistic approach is key.
Not all MSPs have in-house cybersecurity expertise. How can they close that gap?
That’s where cybersecurity specialists come in. MSPs shouldn’t try to be experts in everything—they should work with specialists where necessary. That allows them to access the training, the tools, and the expertise, to confidently deliver protection without building a cybersecurity department from scratch. And it goes all the way down to the end users: continuous employee training is vital, because the human factor is always the weakest link.
Small businesses are a growing target. Why is that happening?
Small businesses often think, “We’re too small, no one will target us.” That mindset is dangerous. Criminals know smaller companies usually don’t have enterprise-grade defenses, so they’re easier to exploit. With governments tightening rules around paying ransomware demands, attackers are shifting their focus further down the chain to SMBs. For MSPs, this means there’s a massive opportunity to serve that market with affordable, packaged cyber solutions.
What role does AI play in both attacks and defense?
AI is a double-edged sword. Cybercriminals are using it to create more convincing phishing and impersonation attempts, but we can also fight AI with AI. Tools like vulnerability scanning and soft penetration testing can proactively identify weaknesses before criminals do. Think of it like a burglar checking your house: vulnerability scanning finds the open windows, penetration testing shows you how they’d actually get in. That insight is invaluable for MSPs and their customers.
For MSPs hesitant to enter cybersecurity, where should they start?
First, they need to recognize that cybersecurity is no longer optional—it’s a must-have. If you don’t offer it, your competitors will, and you risk losing not just security business but your entire customer relationship. The easiest place to start is with simple, high-impact solutions like dark web monitoring. It takes just a couple of clicks to deploy across your customer base, it delivers immediate revenue, and retention rates are around 70–80%. It’s a clear win.
Some MSPs worry cybersecurity is too complex. How do you simplify it for them?
By stripping away the jargon. Cybersecurity is full of acronyms and buzzwords but customers and many MSPs don’t need to get bogged down in that. What matters is providing a solution that’s easy to deploy, easy to brand, and easy to explain. White-labeled solutions and branded microsites mean that MSPs can go to market with their own cyber product without reinventing the wheel.
How should MSPs position cybersecurity to build value, not just sell another tool?
The key is to move away from a “toolbox” mindset. Cybersecurity shouldn’t be just another line item—it’s part of the full-service wrap. If you’re the MSP that provides telecoms, broadband, IT support, and now cybersecurity, you become the one-stop shop. That creates stickiness: customers won’t want to leave because they trust you with their whole business. It also strengthens your role as a true advisor, not just a vendor.
Beyond protection, where’s the real revenue opportunity for MSPs?
Cybersecurity solutions bring both margin and retention. Customers rarely cancel security services once they’re live, because the risks are ongoing. And for MSPs, the operational overhead can be low if you choose the right partner. Low-touch, API-driven services let MSPs deliver real protection without constant management. In other words: it’s profitable, scalable, and it keeps customers loyal.
Final advice for MSPs who still don’t prioritize cybersecurity?
Honestly—if you’re not offering cybersecurity, you’re already behind. Your customers need it, your competitors are selling it, and the threats are only getting worse. Start small, partner with an expert, and build from there. The good news is that cybersecurity doesn’t have to be complicated or scary. Done right, it strengthens your customer relationships, protects businesses of every size, and creates sustainable growth for your MSP.
Don’t miss Demi’s keynote at MSP GLOBAL 2025. She’ll be sharing techniques that every MSP can use to drive sales, retention and profitability. She’s speaking on Thursday 23rd at 11.50 AM.
If you’re looking for a cybersecurity service delivery partner, you’ll surely find one at MSP GLOBAL… see you there!
October 22-23, 2025 – 
PortAventura Theme Park (Barcelona), Spain