While how to spin AI into gold was the main topic at GTIA ChannelCon last week, what to do about cybersecurity remains a major concern. A power panel of vendor channel leaders spent most of its time discussing AI before pivoting to cyber. At that point, the conversation turned from mostly theoretical to harsh reality.

“I would say AI is kicking in a little bit, but cybersecurity really remains the number one concern, probably from a customer perspective, from the MSP and other ITSP [IT service provider] perspective, and also from the vendor perspective,” said GTIA VP of research Carolyn April, who moderated the panel.

GTIA’s survey released at ChannelCon showed SMBs focus more on spending on AI than cyber, which means they are likely underestimating cyber threats. ConnectWise’s The State of SMB Cybersecurity in 2024 study found that 94% of SMBs have experienced at least one cyberattack, up from 64% in 2019. A Viking Cloud study, 2025 SMB Threat Landscape Report, found that one in three SMBs face a successful cybersecurity attack annually and that one in five SMBs have had to close because of these attacks.

The power panel discussed the challenges MSPs face in keeping their small business clients safe from cyber threats, and the importance people play in securing organizations.

Austin McChord, founder of MSP backup and DR software startup Slide, said technology can’t save a business from bad guys if its employees get fooled by AI-powered emails.

"I just think AI makes cybersecurity so much harder,” McChord said. “It’s humans that tend to create the cybersecurity vulnerability. Now you have a two-fold problem. First, AI is super good at exploiting humans. And then second is, when you hire AI agents, they're going to be exploited by other AI agents. And so you have both of those surface sets. And I actually don't know what the right answer is for that. I feel bad for small businesses, and the MSP that is tasked with protecting them because it's more social than technological.”

Cybersecurity’s a Team Sport

Cynet CEO Jason Magee said companies need to fight attacks by getting everyone on the same page, sharing best practices with peers and using platforms that are harder to exploit than point products.

“Unfortunately, the people who are getting it right are the threat actors, but not just because they're threat actors, also because they don't have to play by the same rules that we all do, right?” Magee said. “They don't have governance. They don't have AI use policies that they have to follow and have to say what's right or wrong. They're just on a mission to maximize their ransom or whatever.

“But it is a team sport. So those who are treating it as a team sport are getting it more right than those that are not. Find your group. I suggest platforms that have a little bit more intelligence going on, and they can leverage AI a little bit quicker and faster than a lot of the point solutions out there. Those that are treating it as a team sport, know who's on their team, and leverage their resources are getting it more right than the others. But it's still not perfect, far from it. It’s a difficult job for everyone."

ScalePad CEO Chris Day said MSPs have “been fairly good at this for a long time” when it comes to keeping customers safe and compliant, but need to remain vigilant. “The demand is there,” Day said. “What’s going to help you the most probably, versus any sort of individual tool, is having a plan for how we're going to deal with risk. And most SMEs don't have that. I would say it's 10% -- maybe 5% -- of the SMEs that are really in that head space, and those are usually regulated in some ways. So I see that as a big opportunity to drive the conversations about, ‘what do we do before [an attack]? What do we do after?’ A lot of that's just not defined.”