Cloud Vulnerabilities Outpace Ransomware Threats for MSPs

Ransomware has been the number one source of nightmares for CISOs for years.  

Last year, businesses and organizations endured more than 317 million attempted ransomware attacks, according to Statista. Over 5,000 of those were successful, with hackers hauling in over $1 billion in settlements.   

However, the threat landscape constantly evolves and grows, especially for MSPs with customers who use SaaS applications.  

Today, the average small business has 217 applications in its software portfolio, and the average medium-sized business has 314. Managing and protecting an environment of this size has become increasingly difficult for MSPs. And hackers know it. 

To get an updated and clearer picture of the widespread impact of SaaS applications on MSPs, SaaS Alerts engaged Channel Mastered to conduct the State of SaaS Security 2024 report. 

Channel Mastered, an MSP consultancy, collected data from 2,804 providers of IT services, including 724 users of SaaS Alerts software, in April and May of 2024. Here’s what they discovered:

• Cloud vulnerabilities have surpassed ransomware on a long and growing list of cyber threats.
• SaaS security is generating substantial amounts of incremental monthly recurring revenue.
• SaaS security is imposing time-consuming and expensive operational burdens on MSPs.

New Cloud Vulnerabilities

The report identified cloud vulnerabilities as the third largest security threat end users face, comfortably ahead of ransomware. Nearly 40% of MSPs called cloud vulnerabilities one of the top security threats their clients face. 

Only phishing and business email compromise attacks scored as larger dangers. But since both threats involve SaaS email applications, they are arguably cloud vulnerabilities too.

Specific cloud vulnerabilities MSPs worry about include poor access management (cited by 54% of survey participants), misconfigurations (cited by 44%), and lack of multi-factor authentication (cited by 43%). 

Given this long list of challenges, it’s no surprise that SaaS-related incidents have become disturbingly commonplace. Close to half (49%) of the MSPs in the survey said that more than five of their customers had experienced a SaaS compromise in the last year, and 22% said that over 10 accounts have had a compromise.

However, MSPs using tools like SaaS Alerts reported far fewer account compromises. Specifically, SaaS Alerts partners experienced fewer account compromises than their peers, with 58% of them reporting fewer than six compromises over the last 12 months versus 48% of everyone else. 

When accounts are breached, SaaS Alerts’ users auto-remediate the issue at significantly higher rates. In fact, 76% of them said their SaaS security tool remediates compromises to prevent data loss and other malicious activity automatically, versus 67% of everyone else. 

Predictably, considering numbers like that, SaaS Alerts users have more confidence about security than others and higher confidence in the effectiveness of their entire security stack. 

New Revenue Opportunities

These online threats have enabled many MSPs to increase revenue by providing SaaS security. Many MSPs anticipate higher MRR this year when rolling out security applications like SaaS Alerts, with 65% of the MSPs surveyed collecting at least $50,000 of incremental MRR last year. Nearly half (44%) collected at least $100,000.

Unsurprisingly, SaaS Alerts partners are outgrowing their competition because they have better tools and more security-related confidence. Three-fourths expect to increase MRR in 2024, and 73% expect to increase security MRR. By comparison, 64% of MSPs who don’t use SaaS Alerts anticipate higher MRR this year, and 66% predict higher security MRR. 

In Summary 

Overall, MSPs armed with tools such as SaaS Alerts, designed specifically to address SaaS security challenges, experienced fewer account compromises, achieved higher annual MRR, and were more confident about their ability to keep clients secure.

SaaS Alerts’ wants to enable MSPs to protect customers against evolving online threats while driving consistent MRR growth. MSPs using SaaS Alerts are markedly more effective at securing cloud environments than those who aren’t. Our partners experience greater confidence in their security stacks and services, along with higher MRR. They expect their revenue from security services to continue growing in the years ahead. 

For a full copy of the report, visit https://saasalerts.com/2024-state-of-saas-security-report to download a copy. Or contact us to learn more.