Who Bears The Risk?

We noticed that managed service providers (MSPs) are often not willing to take responsibility for the risks they impose on their customers. Yet their customers often assume that an MSP will take responsibility for a particular risk – and that’s where the problem lies. When this type of miscommunication occurs, it leaves large gaps in the security posture of organizations. So who owns the risk?

Shifting the risk

If an organization is working with one or more MSPs, it must understand the concept of shared responsibility. MSPs and their customers must work together to meet security standards and expectations. Partnering with an MSP does not take the risk away from the customer; rather, it shifts it. Securing systems such as database servers, firewalls, switches, authentication services and log servers means sharing risk between the MSP and the customer. As the MSP, you need to clearly define what falls within the scope of your responsibility to your customer. Clients inherently assume some risk, but not all of it. You are offering important, essential services – take that responsibility seriously. Customers place their trust in your services, and MSPs depend on being trusted. If a client does not trust your services, why would they choose you?

Try not to fall into the trap of getting too comfortable with risk when partnering with an MSP. As a business partnering with one or more MSPs, you need to remember that you can’t outsource your reputation. Your reputation will always be at risk – and you are responsible for it. It’s up to you to vet the MSP and hold them to a high standard.

Advantages of taking ownership of the risk you face

Chasing demanding compliance goals, especially before you are required to do so, may seem to cost too much work, money or time. However, we believe that an MSP that proactively undergoes a SOC 2 audit demonstrates that it is invested in providing secure services and protecting its customers’ data. If you meet compliance goals before your competitors do, or before a potential customer asks you to, you are in a position to take ownership of your own risk.

An MSP’s reputation, business continuity, competitive advantage and brand image all depend on the quality and security of its systems, and all can benefit from SOC 2 compliance.

Owning your risk…

  • Makes you aware of where your vulnerabilities lie and how that impacts your customers
  • Gives you direction on how to mitigate risk
  • Gives you a competitive advantage and sets you apart from others
  • Protects your reputation
  • Ultimately makes you and your customers safer


If you’re an MSP hesitant to undergo an information security audit, consider the consequences of a data breach or security incident. Once your customers’ information systems or data are exposed, you’re on a path fraught with obstacles and fragmented security. Your reputation will be permanently altered. Your customers will no longer trust you, potential customers will no longer inquire about your services, and lawsuits and fines will result. The continued existence of your business depends on securing your systems and proving that you are indeed a secure MSP.



