GTIA Exec: Cybersecurity ‘Will Never Be Solved,’ And That’s The Opportunity For The Channel

‘Cybersecurity is a problem that will never be solved. And that means it’s also a business that will never run out of opportunity,’ says Carolyn April, vice president of research and market development at the Global Technology Industry Association.

The global cybersecurity market is racing toward an estimated $377 billion by 2028, but a large share of IT service providers still aren’t treating security as a core business, according to research from the Global Technology Industry Association (GTIA).

The “Channel Trends in Cybersecurity” report, released in November, found that only about one-third of IT service providers currently view cybersecurity as a primary focus, despite a steady rise in attacks, accelerated AI-driven threats and growing regulatory pressure on customers.

“What surprised me most is that despite the industry, the media and every market research firm talking nonstop about cybersecurity, we still see real hesitation from a significant portion of ITSPs [IT service providers],” Carolyn April, vice president of research and market development at Oakbrook Terrace, Ill.-based GTIA, told CRN.

That reluctance has deep roots, April said. For years, cybersecurity was treated as an add-on rather than a discipline.

“Cybersecurity used to be antivirus and a firewall,” she said. “You sold hardware, you ran the network and cyber was just another license. Many ITSPs never built real practices around it, and the talent simply wasn’t on staff.”

The findings come as threats continue to intensify. Thirty-one percent of respondents said they experienced a cyberattack in the past year, according to the study. At the same time, 52 percent plan to adopt AI-enhanced cybersecurity tools over the next 12 months, an acknowledgment that the threat landscape is evolving faster than many IT service providers are.

“As AI explodes, both as a threat and an opportunity, ITSPs are going to have to pay closer attention,” April said. “We still haven’t seen the majority transition into deep, mature cybersecurity practices, and that has to change.”

One of the biggest barriers is complexity. Modern cybersecurity now spans cloud security, identity and access management, and security information and event management (SIEM) to name a few, far beyond what many IT service providers historically offered.

Liability concerns are also holding them back. Even when best practices are followed, the financial and legal risks tied to a breach can be daunting, especially for smaller companies.

“If a customer has a breach, you could still be on the hook,” April said. “For many smaller ITSPs, that risk is simply too big. In regions like the U.K., regulatory compliance is expensive, so some providers choose to stay out of cybersecurity entirely rather than do it halfway.”

Despite the hesitation, demand from customers continues to surge. GTIA said it is focused on helping IT service providers climb the cybersecurity maturity curve rather than avoid it altogether.

“We built the Cybersecurity Trustmark to help ITSPs adopt best practices,” April said. “The ladder is steep, but it’s climbable.”

Choosing the right tools, especially AI-powered ones, is another challenge as vendors flood the market with competing claims, she said. While GTIA doesn’t endorse specific products, it works with members to evaluate categories of tools and understand what AI capabilities actually deliver.

“A lot of vendors are adding AI into tools ITSPs already use,” April said. “The key is understanding what the AI does and making sure teams are properly trained.”

Partnerships also could become a defining strategy over the next year. Rather than building cybersecurity practices from scratch, many MSPs may turn to MSSPs to fill the gap. Not every MSP needs to build a whole practice organically, she said. Partnering allows them to say “yes” to customers without taking on all the risk.

But talent still remains both the biggest enabler and the biggest obstacle. Nearly half of respondents in the survey said access to skilled cybersecurity professionals would be the single most important factor in expanding their offerings. With hiring budgets tight, retraining existing staff may be the most realistic path forward.

“It’s often cheaper and just as effective,” she said. “Identify your best people and level them up. And again, partners can help.”

As for defending against the next wave of AI-driven attacks, the industry is still playing catch-up. “AI may ultimately be the best weapon against AI. It’s a strange friend-and-foe relationship,” April said.

“Customers want to know who they can trust,” she said. “Anyone can call themselves an MSP today. There’s more talk than ever about licenses or standards, and I expect that conversation to heat up this year.”

“Cybersecurity is table stakes now,” she added. “If a customer is choosing between you and an MSP with a cyber practice, you’re going to lose.”

Looking ahead, GTIA sees growth opportunities in cloud security, data protection, privacy and AI-related services, all areas where regulation and customer scrutiny are intensifying.

“Cybersecurity is a problem that will never be solved,” she said. “And that means it’s also a business that will never run out of opportunity.”