With over 1,800 cybersecurity vendors crowding the market, MSPs face tough choices. Consolidation is accelerating—but so are risks, from failed startups to shrinking margins.
Cybersecurity is booming—and it’s not hard to see why. Global cybercrime costs are forecast to hit $13.8 trillion annually by 2028, up from $9 trillion in 2023, according to Cybersecurity Ventures. As a result, cyber protection has become not just a compliance checkbox but a boardroom imperative. For managed service providers (MSPs), this shift creates a significant opportunity. Cybersecurity is now the fastest-growing—and potentially most profitable—segment of IT service delivery, offering higher margins and deeper client relationships than many traditional infrastructure or support services.
Yet, despite the momentum, the road ahead is far from straightforward.
A crowded market with uneven foundations
The cybersecurity space is extraordinarily crowded. As of 2024, CB Insights lists over 1,800 active cybersecurity startups, many offering narrowly focused tools aimed at solving a single threat vector or compliance issue. This innovation-rich environment has produced some excellent technologies—but also introduced significant operational challenges for MSPs. Stitching together best-of-breed tools into a coherent, repeatable, and scalable service delivery model is difficult. Worse still, many of these vendors lack the long-term viability to give partners confidence.
The recent wave of consolidation is both a symptom and a response to this saturation. Market leaders such as Palo Alto Networks have spent billions—acquiring companies like Dig Security and Talon Cyber Security—to expand into emerging areas such as data security posture management and secure browser environments. Similarly, Cisco’s headline-making $28 billion acquisition of Splunk reflects a push toward unified observability and threat response platforms. Innovators like Sophos and Huntress have organically grown significant channel footprints for services like MDR with significant backing from VC funds.
But not all expansions or exits are triumphant. The collapse of firms like IronNet, which filed for bankruptcy in 2023 despite once being valued at $1.2 billion, highlights the fragile economics of the cybersecurity startup ecosystem. Others—ShieldX, CloudPassage, and a long list of stealth wind-downs—have exited quietly. For MSPs that had partnered with these firms, the consequences include having to rip and replace tools, rework integrations, retrain staff, and, most damagingly, explain to clients why their provider’s tech stack is suddenly obsolete.
The platform play and the risks of over-reliance
At the same time, MSP platform vendors are racing to fill the gap. Companies like Kaseya, ConnectWise, N-able and NinjaOne are embedding security functionality directly into their core platforms—offering everything from managed detection and response (MDR) and endpoint protection to automated patching and dark web monitoring.
The appeal for MSPs is obvious. Consolidated platforms promise fewer vendor relationships to manage, streamlined billing and reporting, and tighter integration between security and operational tools. As Canalys Chief Analyst Jay McBain noted at a recent industry event, “MSPs want fewer tools but more outcomes. They don’t want to manage 12 different agents on an endpoint—they want services that interconnect, with consolidated billing, management, and reporting.”
But convenience comes at a cost. Over-reliance on a single vendor stack creates vulnerability if the platform fails to keep pace with threats, changes its licensing, or shifts focus. MSPs must weigh the benefits of integration against the strategic risk of lock-in.
The perils of betting on the wrong horse
Choosing the wrong cybersecurity partner—particularly among startups—can be a costly misstep. Many newer vendors are backed by venture capital and prioritise growth over profitability, hoping to scale fast or get acquired. But if funding dries up or product-market fit proves elusive, these businesses often fold quickly. Crunchbase data shows that more than 600 cybersecurity startups have either shut down or been absorbed since 2020.
For MSPs, the damage isn’t limited to sunk costs. Onboarding a vendor that disappears months later undermines credibility, erodes client trust, and requires a painful, resource-intensive transition to a new provider. It can also interrupt service delivery, introduce security gaps, and create compliance headaches.
Even when a vendor is stable, operational integration remains a critical—and often underappreciated—burden. MSPs rely on a tightly orchestrated stack where RMM, PSA, ticketing, and alerting platforms must work in harmony. Each new tool added to the mix requires engineering time, workflow redesign, and staff training. Worse, vendor roadmaps and API changes can break existing integrations, forcing MSPs to play catch-up.
A recent N-able study found that 68% of MSPs identified integration complexity as one of their biggest challenges when expanding cybersecurity offerings. In a competitive services environment, any drag on efficiency or automation hits directly at the bottom line.
A smarter approach to vendor selection
To navigate this evolving landscape, MSPs must think beyond feature sets and take a more strategic view of vendor partnerships. Technical capability matters, of course—but so too does business viability. Partners should be assessed based on sustainability: are they profitable, well-capitalised, or reliant on continued funding? Do they have a clearly articulated roadmap and an actual plan to support MSP business models?
Just as important, the best cybersecurity vendors do more than simply deliver tools—they actively support business growth. This includes investing in training and certification programmes that help MSP teams get up to speed fast and maintain a high standard of delivery. Market Development Funds (MDF) can be a game-changer, enabling MSPs to run co-branded campaigns or events that drive demand.
Sales enablement support, including collateral, product demos, and pitch material, helps MSPs communicate value effectively to their customers. Additionally, structured partner success programmes—such as deal registration, concierge support, and territory protection—give MSPs the confidence to invest in long-term relationships. Vendors that provide these capabilities understand the recurring revenue model and the role they must play in helping MSPs not just survive—but thrive.
The race to the bottom
Finally, there is a cautionary tale unfolding. As cybersecurity becomes increasingly commoditised, especially in categories like antivirus and basic firewall protection, some vendors are slashing prices to win market share. It’s a familiar pattern—look at how the once-premium AV market is now effectively free for many users.
This price erosion risks undermining the perceived value of cybersecurity altogether. For MSPs, margin pressure is a real concern. Undercutting competitors might win short-term deals, but it also devalues the service proposition, invites churn, and makes it harder to sustain investment in skilled staff and support infrastructure.
As Chester Wisniewski, Field CISO at Sophos, recently put it: “For many organisations, the chance of being compromised by ransomware actors is just a part of doing business in 2025. The good news is that, thanks to this increased awareness, many companies are arming themselves with resources to limit damage. But MSPs must remain vigilant that their own tech stack isn’t their weakest link.”
Strategic discipline is key
Cybersecurity remains the most dynamic and commercially promising area of managed services. But its growing complexity, coupled with rapid vendor churn and market consolidation, demands greater strategic discipline. MSPs must make vendor decisions based not only on features and price but also on long-term alignment, integration capabilities, and business enablement.
In an industry where the only constant is change, success will depend on choosing partners who help you deliver not just protection—but performance, profitability, and peace of mind.
