Expert warns MSPs face tougher compliance deadlines as cyber attacks increasingly target the sector

13th July 2026

Managed Service Providers face a convergence of regulatory, security and market pressures in the second half of the year, according to a leading tech expert.

Roy Shelton, Group CEO of managed services provider Connectus Business Solutions, said the biggest change flows from the requirements of the Cyber Security and Resilience Bill, which is expected to receive Royal Assent later this year.

Its requirements will be phased in during a timetable that is expected to run into 2028, but it means that medium and large MSPs (£10 million-plus turnover, 50 or more employees) will come under oversight by the Information Commissioner’s Office.

Mr Shelton said: “The requirements include two-stage incident reporting, with an initial report within 24 hours and a full report within 72 hours, so this is a significant change that we and our clients will need to accommodate.

“Compliance among MSPs is high, but the enforcement readiness requirements will start to bite over the course of the second half of 2026.

“There is also greater pressure on MSPs from bad faith actors, as they are increasingly being targeted in preference to large companies directly, as the rewards for a successful breach could be higher if it exposes many client networks at once.

“Research from SecurityScorecard found that 97% of FTSE 100 companies suffered a breach involving a third-party supplier over a twelve-month period to March 2024, so the figures tell the story. More than ever, a security-first service is becoming the baseline requirement for clients.”

Mr Shelton said smaller MSPs are feeling the pressure, as there is a talent shortage and cost pressures are putting the smaller players at an increasing disadvantage.

“Cyber, cloud and AI specialists remain scarce, with senior cyber analysts commanding pay that averages some £57,000, while cloud architects are approaching six-figure sums,” he said.

“All this comes at a time when the tempo of AI-powered cyberattacks is increasing exponentially.

“My advice for firms looking for increased security for their networks is to use a reputable managed service provider or security partner to monitor and respond to threats. This ensures that if there is an attack, remediation can begin immediately and the incident managed professionally.”

His recommendations for bolstering security are:

  • Strong passwords and MFA:Enforce complex password policies and switch on multi-factor authentication wherever it’s available.
  • Employee awareness training:Staff are your first line of defence. Regular training helps them spot phishing attempts and social engineering tactics before damage is done.
  • Endpoint protection:Make sure every device is covered by up-to-date anti-virus software and endpoint detection tools.
  • Access controls:Restrict access to sensitive data by role and responsibility, so employees only see what they need to do their job.
  • Email security:Deploy spam filters and threat detection to keep phishing attempts out of inboxes.
  • Incident response planning:Have a clear, tested plan in place so your business knows exactly what to do if a breach happens.
  • Leverage external expertise:Partner with trusted cyber specialists to audit, monitor and continually strengthen your defences.