If cybersecurity isn’t a strategic priority for your business, you’re going to feel the consequences—fast. That’s the clear message in new research from the Global Technology Industry Association (GTIA). On the flip side, GTIA’s Channel Trends in Cybersecurity 2025 report highlights significant opportunities for IT service providers (ITSPs) and channel firms that can master cybersecurity complexity and position themselves as market leaders.
According to GTIA, many IT service providers say cybersecurity is improving overall. That doesn’t mean the threat landscape is calming down. Far from it. What it does mean is that MSPs feel better equipped with stronger tools and more capable defensive platforms.
But even with better tools, providers aren’t exactly breathing easy. The concerns are loud and clear: more diverse attacks (48%), AI-driven threats (46%), growing dependence on data (42%), and increased privacy pressure (39%). So yes, confidence is rising—but so are the stakes.
Cybersecurity Commitment Is Rising—But Still Not Universal
Despite the urgency, and the opportunity, not all ITSPs have cybersecurity as a core business pillar. According to GTIA:
- 31% call cybersecurity a core offering, woven into their brand and backed by a deep portfolio of advanced tools.
- 35% treat it as a complementary add-on, something more tactical positioned around the edges of their primary stack.
- One-third offer no cybersecurity services at all.
This divide reflects cybersecurity’s roots as a specialty layered onto traditional infrastructure services. Many MSPs evolved from network, device, and hardware management—not security architecture—and are still adapting.
Yet the data demonstrates clear business benefits for those who commit. Among providers for whom cybersecurity plays a core or complementary role, 51% say it significantly impacts revenue, brand identity, and annual investments. And among the 25% that position cybersecurity as central, 55% report earning half or more of their total revenue from cybersecurity in the last two years.
GTIA’s analysis says the message is unmistakable: MSPs don’t need to become pure-play cybersecurity companies, but those that elevate security as a major strategic focus can reap outsized rewards.
Revenue Is Increasing—Especially for Those with Cyber at the Core
Cybersecurity revenue trends reinforce the shift:
- 55% of ITSPs saw cybersecurity revenue increase over the last two years.
- 72% of providers with cybersecurity as a core business area reported revenue growth.
- Only 42% of those offering cybersecurity less strategically saw similar gains.
- And for those treating cyber as an add-on? Just 35% reported growth.
This is why cybersecurity can no longer be sidelined. Customers expect their MSPs to be conversant in security, regulators are tightening standards, and vendors are baking cybersecurity into nearly every tool—from software platforms to AI solutions. Standing on the sidelines is quickly becoming a competitive and compliance liability.
Platform Consolidation, Partner Reliance, and the Push Toward Specialization
Cybersecurity’s complexity continues to rise, making it increasingly difficult for MSPs to “do it all.” The GTIA study highlights the operational strain: managing countless tools, juggling vendor relationships, integrating systems, maintaining compliance, and pricing appropriately.
As a result, MSPs are taking one of two approaches:
- Specializing deeply in one domain—such as backup and recovery—and partnering out the rest.
- Relying on vendor platforms that consolidate multiple point solutions into unified cybersecurity ecosystems.
Current sourcing trends reveal how varied strategies have become:
- 42% source cybersecurity solutions from multiple vendors.
- 24% rely on a single vendor.
- 23% use the RMM/PSA-recommended stack.
- 8% outsource entirely to cybersecurity partners.
Partnerships are especially crucial: 36% of respondents deliver 25–49% of their cybersecurity via partners, and 35% deliver 50–74% through partners.
Yet only 19% say they excel at building strong referral relationships—despite depending heavily on them. GTIA concludes that improving partnership structure will be essential for MSPs that want to grow without overextending their teams.
The Surging Opportunity in Risk Management
Risk management and response represent a growth frontier for advisory and consulting services. Gartner expects the global information security and risk management software market to jump from $165 billion in 2022 to $287 billion in 2027.
MSPs are already seeing the lift. Risk assessment revenue is up 65% year over year, risk management platforms revenue is up 71%, and incident response revenue is up 63%.
As hyperscalers and marketplaces absorb more product sales, MSPs that are willing to lead customers through cybersecurity strategy—not just tools—can more than fill that revenue gap.
AI: The New X Factor
AI is reshaping cybersecurity in real time—and not always comfortably. Providers say AI will:
- Increase cyber risks via AI-driven attacks (39%)
- Free staff through automation (36%)
- Improve threat detection (34%)
- Enable more tailored analytics (32%)
- Necessitate new regulations (30%)
Two-thirds of ITSPs plan to add new cybersecurity offerings in the next 12 months, and 52% of those additions will involve AI-enabled cybersecurity tools.
According to GTIA findings, this next era will reward MSPs who lean in early, upskill continuously, and help clients understand both the risks and advantages of AI.
MSPs Must Protect Themselves Too
High-profile attacks in the last few years have shined a light on MSPs as attack vectors. GTIA’s research finds that 31% of ITSPs experienced a cyberattack in the last year. Larger providers were targeted far more frequently (41%) than micro-sized ones (16%).
Top attack types included:
- Data breach/insider threat (54%)
- Ransomware (38%)
- Phishing (36%)
The good news: MSPs victimized by attacks have responded decisively—boosting internal audits, hiring cybersecurity specialists, strengthening backup and recovery, and improving employee training. Strengthening their own house is non-negotiable for MSPs who want to maintain client trust and credibility.
The Bottom Line: Cybersecurity Is Reshaping the Channel
Cybersecurity is no longer simply another line item in the MSP stack—it is becoming the defining attribute of what an MSP is. According to GTIA, the firms that succeed in the coming years will:
- Embed cybersecurity into every offering
- Build stronger, more formalized partnerships
- Invest in continuous learning
- Incorporate AI thoughtfully
- Strengthen their own internal posture
- Guide customers through rising complexity, not just react to it
Cybersecurity is both a business necessity and a strategic growth engine. GTIA’s findings suggest that MSPs that embrace it fully will lead their customers—and the industry—toward a more secure and resilient digital future.
For GTIA’s take on SMB buying shifts, see ChannelCon 2025: GTIA’s Mission Defined, SMB Buying Shifts MSPs Need to Know
