MSPs will need to sharpen their cybersecurity and regulatory compliance as The Department of Science, Innovation and Technology (DSIT) adds them to existing policy frameworks in a move to enhance the security of IT infrastructure and reduce the risks of cyber attacks.
DSIT had provided more information on The Cyber Security and Resilience Bill announced in the King's Speech 2024 detailing the benefits of a further 900-1100 MSPs becoming secure.
The statement reads: "These organisations have unprecedented access to clients’ IT systems, networks, infrastructure, and data. This makes them an attractive target for malicious actors and subject to cyber attacks, including those that resulted in impacts on clients.
"This has included the Cloud Hopper attack on MSPs and the attack on the Ministry of Defence’s personnel system. These highlight the vulnerabilities of MSPs and by extension, the critical services they support."
This move has been welcomed by Cobalt MD Ian Dunstan. He said: "This is a great move from the Government. There are no barriers to being an MSP. Not all are equal. Cobalt are members of a wider group of MSP’s that work with each other to make the whole industry better.
Those MSPS will now be subject to the same duties as those placed on firms that provide digital services, referred to as ‘relevant digital service providers’ under the 2018 Regulations.
The DSIT statement added: "While we expect this measure to have associated costs related to security improvements and compliance, these investments will position MSPs as trusted and reliable partners in the cyber security landscape."
John Nolan, UK&I MD, Westcon, at Westcon-Comstor concurred. He said: “While the increased regulatory burden represents a challenge to the UK’s MSPs in terms of additional costs and compliance requirements, it’s also an opportunity. By demonstrating leadership when it comes to complying with the legislation, MSPs can showcase their expertise to customers and strengthen relationships in the process, positioning themselves – to use the government’s phrase – as ‘trusted and reliable partners in the cybersecurity landscape’.
"It is of course vital for commercial and reputational reasons that MSPs ensure compliance with the Bill. Those that feel they require additional support ahead of the Bill becoming law should turn to distributors and other partners for guidance and input as required.”
Pictured: The Rt Hon Peter Kyle MP, Secretary of State for Department for Science, Innovation and Technology