Over the last year more and more MSPs are pulling security into their core offering rather than treating it as an add-on.
The big drivers behind this seem to be client pressure and the fact that 42% of small businesses in the UK reported a breach in 2025 and this has changed what they expect. Cyber insurance questions are getting stricter, audits are more common and customers now need their MSP to flag issues before they turn into incidents.
That’s why roles linked to SOC work and cloud security are coming up more often in hiring conversations. Someone needs to monitor alerts across multiple tenants, investigate suspicious activity, deal with incidents when they happen and make sure client Azure and AWS environments are configured properly.
The challenge comes from the MSP setup itself. These aren’t single-organisation environments. You’re dealing with multiple clients at different levels of maturity, legacy systems mixed with modern cloud deployments and work that can be reactive at unpredictable times. That combination rules out a lot of people who have only ever worked in internal environments.
The result is that MSPs aren’t just looking for a security person. They’re looking for someone who understands security and is comfortable with the pace and unpredictability of managed services. Finding people with that mix of technical skills and MSP experience is tough, which is why these roles are becoming increasingly difficult to fill.
For MSPs looking to expand their security services; Investing in training, upskilling existing staff or thinking creatively about how to attract people comfortable with the fast paced multi-client environments can make the difference.