For years, managed service providers(MSPs) were seen as external IT teams – helpful but on the sidelines. Today, their role is changing. With the increasing complexity of IT environments and the growing emphasis on cyber resilience, MSPs are becoming key players in companies’ security strategies – not just contractors, but full partners.
This is not a cosmetic change. It is a full transformation of the operating model.
MSP on a new course
According to the SME Customer Insight Report 2025, prepared by Barracuda Networks in collaboration with Vanson Bourne, up to 73% of organisations worldwide are already using SME services, with a further 23% actively exploring the possibility. Importantly, the customer profile is also changing: from the typical SME sector to medium-sized and larger companies. In the segment with 1,000 to 2,000 employees, as many as 85% of companies are using MSPs – more than in the 50-100 employee group.
Behind this change is primarily the increasing fragmentation of IT security environments. Companies increasingly use multiple tools, platforms and vendors that require integration, coordination and continuous oversight. MSPs that are able to provide this are beginning to take on the role of ‘conductor’ in a complex technology orchestra.
From IT support to strategic partnership
The traditional problem-response relationship is fading into the background. Companies today expect proactive support from MSPs – both in day-to-day protection and in planning their long-term security strategy. In the DACH region, 56% of organisations use MSP services available 24/7. This is no longer a luxury – it is a necessity.
Clients are looking not just for incident response, but for support in growth, scaling and digital transformation. They increasingly expect MSPs to advise on which technologies to deploy, how to optimise security architecture and how to ensure regulatory compliance.
In this role, MSPs need to speak the language of risk, operational continuity and resilience – not just SLAs and patch management.
New requirements: AI, zero-trust and operational continuity
Growing expectations translate into specific competences. MSPs today not only need to know the basics of cyber security, but integrate advanced solutions based on artificial intelligence, implement zero-trust architectures, provide SOC-type services, and deliver threat analysis and penetration testing.
Globally, 39% of companies indicate AI/ML as one of the most desirable competences in managed services. In the DACH region, this figure is 37%. In parallel, there is growing interest in threat intelligence, risk analysis and resilience planning services.
All this means that SMEs are increasingly competing not only with other IT providers, but with consultancies, systems integrators and the internal security teams of large organisations.
Not everyone can keep up with the change
The transformation of SMEs into strategic partners is a big opportunity, but also an even bigger challenge. Organisations are prepared to pay more – as many as 92% of those surveyed say they will accept up to 25% higher costs for MSP services, as long as they meet real business needs. But this rise in expectations carries risks.
Companies are less and less willing to tolerate deficiencies in the SME offering – such as lack of business continuity, poor quality of crisis response or inability to scale services. In the DACH region, as many as 50 per cent of companies surveyed say that a lack of 24/7 support would be reason enough to switch providers.
In addition, there is growing pressure on MSPs to be resilient themselves – customers expect the IT partner itself to meet security standards, not be an attack vector and have transparent response procedures.
Co-management and ecosystems – the future of managed services
In response to changing customer needs, an increasing number of SME companies are opting for a co-managed services model. In this arrangement, the service provider does not completely replace the client’s IT department, but acts as an extension of it – providing specialist expertise, tools and scalability where they are needed.
This model works particularly well for larger organisations that want to retain strategic control of IT while gaining access to the latest technologies and competencies without having to build them internally.
On the other hand, technology vendors are increasingly developing integrated partner programmes for MSPs – offering access to platforms like XDR, SIEM tools or off-the-shelf components for SOC-as-a-Service. This makes MSPs part of a larger security ecosystem, where interoperability, response time and quality of threat data are key.
SMEs as the axis of digital business security
SME transformation is not happening in a vacuum. It is a response to growing business pressures: staff shortages, the rapid pace of digitalisation, new regulations and increasingly sophisticated cyber threats.
Companies no longer want to have an ‘IT someone’. They need a partner who understands their risks, can design resilient infrastructure and ensure business continuity even in crisis conditions. SMEs that meet these expectations can take a central position in the value chain of IT and security services.