State of the MSP Industry: What Happened in 2021?

It’s hard to believe a whole entire year has passed us once again. While we’re not usually one to follow the crowd in terms of content creation here on the DOJO, I do see value in doing pieces like these year-end round-ups, reflections… or whatever you want to call them. The point is… it’s been an interesting year for MSPs. It’s been SEVERAL interesting years for MSPs, and I’ve always felt there is value in taking some time to stop, think, and discuss where we’ve been, and where we’re going.

While many of the “end of year” posts you’ve seen out on the web usually contain static content, I’d like to encourage your feedback and interaction in the comments section below after you’ve read through this piece. The MSP community has always been one of my favorite communities. We always look out for each other, and we always discuss the issues meaningfully, as a group. After the discussion, there are ALWAYS meaningful take-aways and action items, and it’s this process that has helped shape my viewpoint and my place in the MSP industry over the years.

I’d like to think my viewpoint is somewhat unique. Maybe not exclusively unique, but unique nonetheless. I’ve been involved in the MSP industry in some way for the last 20 years. Either as a customer, an MSP software partner (like Altaro and Hornetsecurity) or as an MSP itself. During that time I’ve done MSP help desk, engineering, architecture, pre-sales, marketing, account management, service costing, playbook creation, strategy and planning, team leadership, and everything in between. Through my interaction with the community, peer groups, and contacts within multiple MSPs across the country, I try to keep a close eye on the pulse of the MSP industry. Many of my thoughts throughout this piece derive from that experience and the contacts I’ve made over the years.

That all said, let’s get to it.

Current State of the Industry

I always like to frame these discussions from a viewpoint of data. Any reflection or prediction done in this article would be wasted without a frame of reference. In short, how are things looking in the IT space from a business perspective, and how does that information help us prepare for 2022? To start, let’s look at some somewhat recent data from Gartner. According to a Gartner Article from October, the forecast for the IT Services space looks to remain healthy and full of opportunities for enterprising and agile MSPs.

Some key data from the report:

• • Overall IT spending forecast is predicted to grow by 5.5% in 2022 to total nearly 4.5 trillion USD

• • Enterprise Software development is seen to have the largest piece of that increase at 11.5%

• • IT Services Specifically are predicted to have the 2nd largest increase cited in the report at 8.6% growth over the previous year

• • The total predicted spending on IT services in 2022 is 1.3 trillion USD

• • Data Center Systems spending is poised to increase by 5.8%

• • Spending on Devices is predicted to rise by 2.3%

• • And finally, we’re predicted to see a 2.1% increase in spending on communications services

As we can see, the importance of professional IT services is continuing to increase and shows no sign of slowing down. MSPs are uniquely positioned to address this growing need through a vast array of offered services ranging from support, endpoint management, cloud services, productivity and process improvement and more. Some MSPs with development resources in-house may even find themselves being able to cash in on that enterprise software development increase as well! Conjecture aside, however, how are some MSPs navigating the current ecosystem and tapping into the growing market? I recently read an annual report from Channel Futures that I found really interesting.

Said report surveys the MSPs on Channel Future’s MSP 501 list. Highlights include:

• • 99% of MSPs in the MSP 501 now offer managed security as a major solution area

• • 7 of the 10 top growth areas for MSPs in the MSP 501 are security-related and include a focus on, endpoints, network security, end-user training, SIEM, phishing, and others

• • 97% of MSPs surveyed stated that they use multi-factor authentication (MFA) to protect their own environments

• • Top revenue-generating solutions amongst MSPs in the MSP 501 includes help desk (69%), managed security (58%), BDR (43%), and RMM (32$)

• • Full-time employee hires grew by 6%

• • 18% of those MSPs surveyed made one or more acquisitions

It comes as no surprise that security services aren’t just a part of the MSP game, they’re a HUGE part of the game now. Clearly, if you’re not working on getting managed security worked into your solution stack, now is the time to start. Not to mention the multitude of security issues we dealt with in 2021, the sooner you start the better! That said, if you need further convincing, we ran several end-customer-focused surveys here at Hornetsecurity this year and found loads of interesting information on security concerns. The two surveys I’d like to highlight as part of this discussion revolve around Ransomware and Email security specifically.

Feel free to view the results at your leisure, but I wanted to at least share some of the more interesting findings below, starting with ransomware and the fact that at least 1 in 5 of organizations surveyed fell prey to ransomware.

Contrast that with the fact that nearly 10% of organizations were forced to pay the ransom. That’s 10% too much in my opinion!

More interestingly, in terms of targets, we found that no organization was “safe” from ransomware threats. Businesses of all shapes and sizes are a target and are actively being exploited by ransomware attacks.

Again, these are just a few MSP-relevant findings from the report if you’d like to see the full survey results and findings you can do so here!

In addition to the danger that ransomware serves to MSPs directly and to their customers, one other common theme in ransomware discussions from last year is a vector of attack. It’s no surprise that Phishing continues to be a major vector of attack for threat actors, and MSPs know this. As mentioned above, many MSPs in the Channel Futures MSP 501 report cited phishing protection to be one of their primary growth areas over the last year. That said, according to another one of our major surveys from 2021 focusing on email security, it appears not everyone is getting on board yet. According to our email security survey, we found that 62% of all reported breaches were the result of either user-compromised passwords or a successful phishing attack.

In something of a correlation, we also found that 1/3rd of companies DO NOT enable MFA for all users

Again, these were just a subset of some larger survey results. If you’re interested in viewing the full report on email security, you can find it here!

Putting It All Together

So I’ve inundated you with lots of data from 4 different sources. What does it all mean for you as an MSP? When you contrast the first two sources on the current state of the MSP space, with our survey results on ransomware and email security, there are a few things that pop out.

• • There is, and will continue to be, a large amount of opportunity in the managed security space in the coming years.

• • Many organizations are struggling to implement even the most basic of security services within their environments.

• • I’ll remind you that 7 of the top 10 growth areas for MSPs on the MSP 501 list were security-related, including ransomware and phishing protection.

In short, if you’re looking for a TLDR, invest in security services for your customers if you want to guarantee growth in the coming year.

What Challenges and Concerns have led us here?

It feels like ancient history now, but the fact is that the rapid adoption of hybrid and remote work during the early days of the COVID 19 pandemic in 2020 created some unintended side effects. Threat actors seized the opportunity to stage ever-increasing attacks on cloud services. This included things ranging from Microsoft 365 targeting ransomware to large supply-chain style attacks like we saw with the Solarwinds hack early in the year. This is not to mention the current Log4J mess that we’re all in.

We’ve covered many of these topics on the DOJO over the past year. The one I found most personally interesting and most directly impactful to some MSPs in my opinion was the Solarwinds supply chain hack. In fact I spent quite a bit of time talking about the attack with Fabio Viggiani from Truesec multiple times over the year regarding that attack specifically and what it meant for MSPs. For ease of viewing I’ve embedded both videos in that series below:

Here is the first video in the series shortly after the hack was revealed

 

Followed by another video a few months later after the damage had become a bit more clear

 

All of these factors, all of the news coverage, and financial damage that has occurred over this last year as a result has finally put security at top of mind for many organizations. This is not to mention that many internal IT departments are finding themselves understaffed, and under-trained to deal with this challenge, which is another key point that has led us to where we are now with the increased demand and MSSP services.

Security, again, is certainly top of mind for most MSPs given the year(s) we’ve had. However, that hasn’t been the only challenge MSPs have faced over the last 12 months. Other challenges that have cropped up this year for many MSPs include:

• • Having to learn how to teach and learn how to optimize processes for varying types of end-customers due to increased adoption of cloud services such as Microsoft 365

• • Having to skill up entire teams as new solutions are rolled out to enable hybrid and remote-work scenarios

• • After mass-adoption of vendor-specific solution stacks, having to worry about vendor concentration risk for yourself and/or your end-customers

• • Hiring Challenges

• • Changes in Licensing Costs for Microsoft 365 services

So yeah… you know there are challenges. You’ve likely experienced some of these yourself. Your next question, however, is likely, what do we do about them by preparing for the coming year?

How can MSPs Prepare for 2022

If you take nothing else away from this article, here is your list of actionable items. These are the steps you can start to take to not only position your MSP for maximum growth in the coming 12 months but to also help you deal with many of the challenges we just discussed. All of the below suggestions will serve to either position you to provide additional services, or shore up a pain point that is keeping you from running as optimally as possible. Let’s start with the obvious one.

1. 1. Invest in Managed Security services for your customers – This includes several components. You’re going to want to do your research on trusted security solutions for your Managed Security stack (We happen to know about some pretty awesome M365 security software BTW). In addition to product choice, you need to skill up your team on it as well. Also, don’t forget to fashion your costing and marketing around these new services as well! Once you’ve checked these checkboxes you’ll be well-positioned to address the MSP needs we discussed earlier in the article.
   2. Train the trainer – With the increased adoption of Microsoft 365, many MSPs are finding themselves in a place where they have to be able to show how the various services in M365 can improve in place process and create digital transformation. You MUST have someone on your team that can not only teach others how to use M365 to the fullest, but that person also needs to be able to wrap their head around business processes from multiple industry verticals. Having someone fill this role will ensure that each customer is leveraging every piece of M365 services possible, increasing customer satisfaction as well as your bottom line!
   3. Invest in your team – I likely don’t need to tell you, that the pace of change in the industry is accelerating. Don’t neglect to keep your team training in some way/shape/form at all times. Remember, you’re the expert for your customers and you’re doing them a disservice if you’re not providing the correct solution for the correct problem. Not only does this help you remain “the expert” it also increases customer trust. If you need some help on this, we have an article regarding certification for your technical team.
   4. Educate yourself on vendor concentration risk – You’re going to start hearing more about this term. Vendor concentration risk is the concept that relying too much on any one vendor for most (if not all) of your technology needs could constitute an unacceptable risk to the business. All those cloud services are great until that vendor goes belly up for a few hours…. or a day…etc..etc. While there are some vendors I would trust more than others, such as Microsoft (Azure & M365), it’s still something you need to be aware of. Do the risk assessment and be able to speak intelligently about it, and you may turn a potential no into a yes somewhere down the line in your sales cycle.
   5. Get Help on Hiring – This has been an ongoing challenge for MSPs since the dawn of MSPs. We’re technology professionals, not talent acquisition specialists. This may be an unpopular opinion, but I’ve been of the stance for some time that if I put my MSP leadership hat on, I’m outsourcing this. This process will take more time internally than you think it’s going to take, and that’s time you could spend chasing leads and billing existing customers. Get help on this one, and wait for the candidates to come to you. That said, it is and is going to continue being an employee’s market for some time. Be flexible with remote work and salary requests. Invest well in your new employees and they WILL take care of you and your customers.
   6. Make plans to deal with the M365 licensing cost increase – You’ve likely heard that there is a pretty hefty price increase coming to M365 soon if you haven’t felt it already. The cost aside, the big fact making waves about this change is the fact that with a 12-month commitment the cost of the license stays largely the same as it was before. The problem here is your end customers still expect that month-to-month flexibility and you need to plan for that. Whether that’s getting a lending partner, charging a premium to the customer to maintain that flexibility…etc..etc, you need to come up with a plan (and stick to it) on how you’re going to navigate that. My only hard-line suggestion here is, don’t assume that risk yourself. You don’t want to be on the hook for M365 licensing for 11 months if a customer leaves after 30 days.

Covering these six key areas should set you up in the coming year for success. That said, don’t write these down, start executing and then not give it another thought until the end of Q4 next year. Always be evaluating the market, the risks, and the technologies. Things are changing rapidly and to remain successful in the MSP space you need to stay agile, and pivot quickly if needed.

Our Most Popular MSP Articles of 2021

To wrap things up, I’d like to share our most popular MSP articles from the last 12 months. These are in addition to many of the resources I’ve shared throughout this article.

• • 70% of MSPs saw increased revenue as companies work from home

• • How the SolarWinds Hack Could Change Data Security Forever

• • How to Manage Multiple Office 365 Tenants with M365 Lighthouse

What I found interesting about these top viewed articles, is they all plug into the larger discussion we’ve been having in this article. Changes from the pandemic, security concerns, and implementing new technologies!

With that, I’ll wish you a happy new year and I truly hope you all have a successful and fruitful 2022!

As always, feel free to let us know what you think in the comments below!