MSP Cyber Risk ‘Isn’t Just The Hackers Anymore’: Galactic Advisors

Legal liability continues to rise for MSPs in the wake of cyberattacks that impact their clients, according to Galactic Advisors CEO and Chief Security Officer Bruce McCully.

Legal liability has increased dramatically for MSPs in the wake of ransomware attacks and data breaches affecting their clients, creating a need for service providers to double down on assembling evidence of the security measures they’ve implemented, according to the CEO and Chief Security Officer of cybersecurity assessment and consulting firm Galactic Advisors.

“We have a problem, and it isn't just the hackers anymore,” said Bruce McCully (pictured), during a keynote session Sunday at XChange August 2025, an event hosted by CRN parent The Channel Company being held this week in Denver. “There's a new breed of personal injury lawyers, not chasing ambulances, but looking for breach notifications.”

[Related: 10 Major Cyberattacks And Data Breaches In 2025 (So Far)]

McCully urged solution providers to prioritize the collection of documentation to show they’re making the correct security decisions for their clients.

https://www.youtube.com/shorts/HZTG6HPo_iQ

“Think about it—if you were [the impacted firm’s] MSP, if you did everything right, could you prove it?” McCully said. “This particular Galactic partner had the documentation, he had the evidence, he had the proof. He had made recommendations. And my question to all of you is, do you have that proof? Even for your smallest clients?”

There’s no question that McCully’s comments are a stirring warning for MSPs, said Anthony Robbins, managing partner at Network Services LLC, an Amherst, N.Y.-based MSP.

Robbins said the ever-increasing need for MSPs to both protect themselves and their clients from attacks—and now, legal action—is a constant concern.

“What keeps me up at night is [the possibility of] a cybersecurity breach that's going to end up getting me sued,” he told CRN, noting that the intensifying threat environment can often feel overwhelming for many MSPs.

“MSPs are getting hacked, and then they are compromising the security of their customers,” Robbins said. “I have to find a way to further secure our customers, convince them that they need the security and get them to buy into it, without breaking their bank or ours.”

Speaking during the XChange session, McCully said there’s a tremendous opportunity for MSPs that can help educate their clients and then execute on an improved cyber liability posture.

“You're going to need to consider changing the way you educate your clients. You're going to want to consider reframing your compliance solution. And you're going to have to figure out how to operationalize all this stuff,” he said. “Your clients are on a security journey. They're all at some point on that journey. And it all starts with education.”