This site is part of the Informa Connect Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 3099067.

The MSP Summit
Sept 28-30, 2026
Loews Royal PacificOrlando, FL
Subscribe
Menu
Subscribe
GTIA Survey: Two-Thirds of IT Service Providers Don't Prioritize Cybersecurity Strategy
By Dave RaffoShareshare

Despite increases in attacks and a growing market opportunity, less than one third of global IT service providers treat cybersecurity as a core strategic piece of their business.

That’s according to the Global Technology Industry Association (GTIA)’s  ”Channel Trends in Cybersecurity 2025” report. GTIA’s survey of more than 1,100 IT service providers (ITSPs) found that only about 31% of the providers treat cybersecurity as a core focus. Another 35% say cybersecurity is a complementary offering with 13% saying they plan to offer it over the next year and 20% with no plans for cyber services.

“I would say that the average channel company – ITSP or MSP -- is not invested enough in their cybersecurity expertise and what they offer today,” said Carolyn April, GTIA’s VP of Research and Market Intelligence.

April said larger service providers are more likely to focus on cybersecurity while smaller companies lack the expertise or find it cost-prohibitive. However, smaller MSPs are increasingly adding cybersecurity to their portfolios through partnerships.

“Some of these folks wisely partner with real cybersecurity experts, and that's a trend,” she said. “You could say that is the way that they've decided to handle cybersecurity, as opposed to trying to do it in-house, which is a good option if that isn't your skill set.”

Market Opportunity vs. Strategic Focus

Service providers that ignore cybersecurity could miss out on a booming market.

Omdia forecasts that the total dedicated IT security services market will reach about $130 billion by 2028, growing at a CAGR of around 10.7% from 2024 to 2028. This includes fast-growing compliance services. Gartner expects the global information security and risk management software market to grow to roughly $287 billion, including AI, automation and cloud/SaaS security deployments.

The GTIA survey found that 72% of the firms that consider cybersecurity a core service saw their revenue increase over the last two years compared to only 42% that sell cybersecurity at a less strategic level and 35% that offer it as an opportunistic add-on as needed.

SMBs: Vulnerable but Underprotected

April said service providers need to emphasize to their SMB base that smaller companies are as vulnerable to cyber attacks as larger companies. And the smaller companies that get hit are more likely to be forced out of business.

“That’s the message that the channel needs to get across,” she said. “They don't need to scare people, but they need to get that message across that you really do need this cybersecurity protection. There's kind of a ‘good enough’ attitude among a lot of those SMBs. They have resource issues themselves, and they have to think about where they're going to cut off the spending. But it's foolhardy. Some of them are not protecting their companies enough at all.”

AI: The Double-Edged Sword

Like all areas of technology, artificial intelligence (AI) increasingly plays a role in cybersecurity. Most (52%) of the IT service providers said they plan to add AI-related cybersecurity tools within a year. However, a proliferation of new tools and relative immaturity of the tech requires a great deal of education by the providers.

Another complicating factor around AI is that the criminals are also using it. Forty-six percent of the surveyed service providers said the evolution of generative AI tools used in cyberattacks are a major concern.

“AI in cybersecurity is both good and bad, and I think based on the results of this cybersecurity study, a lot of [service providers] are really in the figuring-out phase right now - how they're going to use it as an effective tool to ward off cybersecurity problems,” she said. “There's a duality with it. It can be your ally, but you'll end up fighting it also.”

April said how AI is used is becoming a major factor when service providers evaluate their vendors.

“It goes back to that old best-of-breed versus get it all from one place kind of thing,” she said. “So the evaluation of vendors is going to be interesting challenge in the next few years, both on the cybersecurity side and on the AI side.”