Is your MSSP in it for the long haul?

When selecting an MSSP, be sure to examine the company’s financial strength, roadmap and growth strategy, and staff expertise and retention to determine if the business has staying power.

We can all agree it’s a noisy market right now among managed security service providers (MSSPs). Every day, a new MSSP pops up with shiny new acronyms to tout an enticing deal—but only if you drop your current provider and switch today. MSSP Alert’s “Top MSSPs” list alone is 250-companies deep. And according to Mordor Intelligence, the managed security services market is expected to grow at a CAGR of 16.11% over the next five years. 

But the truly big fish are still few and far between, and M&A activity is on the rise. According to an analysis by SecurityWeek, there were 150 mergers and acquisitions in 2022 in just the MSSP market. The motivations for these deals are understandable: a way to scale up quickly to compete with larger rivals; a band-aid for the chronic talent shortage; or a way to snag the belle of the ball—the one MSSP with expertise in that key market segment—before a competitor does.  

Survival of the richest 

M&As aside, only the fittest will endure this competitive landscape. Investment and sustainment funds are drying up, making survival harder as companies struggle to provide the quality IT and cybersecurity services businesses need. According to Crunchbase, global VC funding in 2022 was $445 billion versus $681 billion in 2021, a historic 35% decline. 

It’s clear the number of MSSPs is going to shrink in 2023, and—with them—quality of service, as companies radically conserve capital, reduce staff, or simply throw in the towel. 

The consequences of bad decisions 

Businesses that made unfortunate investments in these one-and-done MSSPs find themselves in a less-than-ideal position. If their provider has completely disintegrated, the business is left reviewing their existing contract to assess the few legal options that remain, performing a systems audit to determine the next steps, and scrambling to find someone new who won’t burn them again. 

For those businesses whose MSSPs were acquired or merged, it means—potentially—a whole new set of staff to learn their environment. It means hoping the new bosses will include their needs in their business strategy. And it means waiting to see if both will play nicely with each other, and that the business doesn’t become an innocent byproduct of a failed partnership.  

Your checklist for a lasting MSSP 

Service level requirements and data retention questions are all well and good, but they mean nothing if your provider isn’t going to be around for long. Before evaluating an MSSP any further, examine these key areas:

1. Financial strength – What were the operating results of the company last year? Dive deep into their books and let the numbers speak for themselves. Pay particular attention to the balance sheet and cash flows.
2. Roadmap and growth strategy – A provider who genuinely wants to last shouldn’t be shy about sharing future plans. Do those plans seem feasible? 
3. Staff expertise and retention – In a world of people, process, and technology, there’s a reason “people” is always first. What is the background of the staff performing the services? How long have they been working for the company? 

Here to stay 

SEI Sphere’s managed security service was born after over 50 years of securing and protecting SEI’s own highly regulated business operations as a large financial services company. SEI Sphere’s unique position within the larger SEI organization enables us to continually focus on recruiting and retaining the highest quality IT and cyber professionals. We plan to be here for the long haul—here yesterday, here today, and certainly here tomorrow. Reach out to learn more about how SEI Sphere^SM can be your trusted partner for IT and cybersecurity services.