ConnectWise has released multiple reports over the last several months, including its annual MSP security threat report and new insights on the financial health of channel partners. We spoke with ConnectWise CISO Patrick Beggs and EVP of Service Leadership and IT Nation Peter Kujawa to dig deeper into what their research means for MSPs.
2025 MSP Threat Report highlights added complexity and targeted approach to security
The company’s annual MSP Threat Report is based on research from the ConnectWise Cyber Research Unit and analyzes millions of EDR and SIEM alerts, highlighting emerging trends, attack vectors, and practical defenses.
The report identifies new complexities in how attacks are planned and executed by threat actors, with an added focus on smaller organizations that groups suspect won’t have strong security measures in place. Adding to this is the notion that data, not just financial payout, is the new target.
“It’s not just ransomware anymore, and there’s no honor among thieves,” Beggs said. “It isn’t just money anymore, as we’ve seen with a few examples, like the United Healthcare attack. They’ll ask you for the money, but they’re also in it for the data, and threatening to expose all that sensitive data now, too.”
Some of the key findings of the report include analysis on the following:
- Shifting Ransomware Landscape: Ransomware groups are increasingly targeting smaller organizations, hoping to take advantage of their often less robust cybersecurity defenses. The rise of data extortion as a standalone tactic further complicates data protection strategies, as sensitive information becomes a direct target, even without encryption.
- Sophisticated EDR Evasion: Attackers are developing advanced techniques to disable or circumvent EDR solutions, creating a significant obstacle to effective threat detection and response. This necessitates a move beyond relying solely on EDR and adopting a more layered and proactive approach to security.
- Resurgence of Drive-by Attacks: Drive-by attacks, including the emergence of new variations like “ClickFix,” are making a comeback. These attacks, which exploit vulnerabilities in commonly used software, pose a significant challenge to endpoint security and require robust defenses and user education.
- Targeting of Edge Devices: Edge devices, such as firewalls and VPNs, are increasingly targeted by attackers seeking initial network access. Securing these often-overlooked entry points is crucial for protecting the network perimeter.
The silver lining, where one can be found, is that ensuring the basics of cybersecurity are in place can keep organizations safe from many of the most pressing threats.
“Attackers are trying to take advantage of what’s left and the large groups are going after that low-hanging fruit,” Beggs said. “Anyone who doesn’t have MFA enabled yet, they’re just waiting for something to happen at this point. It’s the basics that really need to be handled across the board.”
Beggs highlights MFA especially as password spraying and other identity-based attacks continue to wreak havoc on organizations not taking the proper steps to secure themselves and their employees. People, Beggs reminds all MSPs, are the first and sometimes final line of defense.
“It all comes back to the human side of things,” Beggs said. “When MSPs can leverage tech to automate and verify the basics, they can devote their manpower to new opportunities and more advanced security measures.”
Service Leadership research points to profit and revenue trends levelling post-COVID
In addition to the threat report, ConnectWise also released its Q4 Service Leadership Index and the 2025 Annual IT Solution Provider Compensation (Remuneration) reports. Both reports touch on financial trends impacting MSPs throughout the channel.
The compensation report, according to Kujawa, shows the slowing of how much providers are spending to increase the pay of their top employees. This, in turn, impacts bottom line profit figures as many MSPs look to a return to more stable spend on their highest budget item: people.
“In the height of the COVID years, wage inflation was forcing MSPs to then increase their prices just to keep up, and that raise in pricing on existing customers is actually part of why overall growth looks so high in that time frame,” Kujawa said. “As overall growth is slowing, we’re actually seeing a rise in profitability and margins improving.”
The Q4 Service Leadership Index report outlines key insights including:
- Despite the deceleration in revenue growth worldwide, MSPs profitability has shown resilience: The average adjusted EBITDA for MSPs worldwide decreased from 12.2% in Q3 to 11.1%, but adjusted EBITDA in Q4 was higher this year than 10.3% in 2023.
- More MSPs are operating at a loss worldwide: In Q4, 18% of MSPs reported a loss, an increase from 14% in Q3 2024.
Kujawa says many of these trends are actually in line with what has emerged in recent years following the boom in tech purchasing brought on by the onset of the COVID-19 pandemic.
They also are in line with trends ConnectWise has seen over the past three presidential election cycles, in which the year of an election sees an overall decrease in IT spend as businesses pause investments due to economic uncertainty.
“The good news there is that what we have seen an uptick in the year following the election for the past three cycles,” Kujawa said.
What MSPs should know moving forward
While security and profitability research aren’t directly related, Beggs and Kujawa both stressed that the research can provide MSPs insights on how to set themselves up for success this year.
Beggs stresses the importance of MSPs establishing what amount of risk they are willing to assume in working with clients. As cyberinsurance providers continue to tighten liability and coverage parameters, MSPs need to be upfront with clients who remain ambivalent about proper security measures.
“We talk to MSPs who are baking security requirements into their contracts and telling clients if they don’t agree to a minimum security baseline, they won’t work with them,” Beggs said. “MSPs with higher operational maturity are selling two times the amount of security because they see how necessary this market is.”
Above all, Kujawa says, good business is good business, no matter what happens in the industry in 2025 and beyond. Those MSPs who can join peer groups, benchmark themselves against leaders in the industry, and work towards best-in-class operating models will be set up for long term success in any market.
“Good models pre-COVID are still good business models today, even with everything in our industry that has changed,” Kujawa said. “Those who know how to run their businesses the right way will do that no matter what, and they will be successful because of it.”
The channel benefits from new start-ups continuing to innovate on how technology can solve business problems. Learn more about IT Nation’s PitchIT competition as it enters its seventh year.