Sixty nine per cent of MSP leaders have admitted to being hit by multiple cyber breaches over the last 12 months, despite remaining confident in their security, according to a new report by CyberSmart.
The second annual CyberSmart MSP Survey also revealed that almost half (47 per cent) of those surveyed have suffered three or more breaches in the past year.
More than three quarters (76 per cent) of respondents reported either complete or above-average confidence in their organisation’s cybersecurity posture.
Additionally, the number of MSPs who described their cyber confidence levels as average or above (96 per cent) has remained consistent with the results in 2024. Ninety seven per cent of those we surveyed last year rated their cyber confidence levels as fair or great.
Outside the 20 per cent who categorised their cyber confidence as complete in 2025, most MSPs (80 per cent) recognised that there was some room for improvement, indicating the importance of continued education and the need for consistent and timely guidance.
"As attack attempts on MSPs rise, it can be easy to blame overconfidence. However, most MSP leaders do have above-average cyber knowledge as part of their job, no doubt because of the supporting and advisory roles they play for customers," said Jamie Akhtar, CEO and co-founder of CyberSmart. “What these results really show is that the majority of MSP leaders are willing to engage with the wider community to improve their cybersecurity posture, protecting themselves and their customers from attacks. Ultimately, to stay ahead of attackers in this constantly changing discipline requires the right partners, latest resources and best-in-breed security tools.”
The vast majority of MSP leaders (93 per cent) said that they felt confident in their customers' overall cyber posture. In fact, 45 per cent assessed their customers as having above-average confidence, while 17 per cent described them as completely confident.
These results are broadly consistent with last year’s findings, when 86 per cent of MSPs felt their customers had a great deal or fair amount of cyber confidence. In 2025, that figure remains high, with 85 per cent of respondents saying their customers have at least average cybersecurity knowledge and a combined 53 per cent rating them as above average or expert level.
Additionally, a significant number of MSPs feel ready to help customers through cyber incidents and the changing regulatory landscape. However, for many, there is an untapped opportunity to get ahead of regulations and offer guidance and services to help customers comply. Notably, only 39 per cent of MSPs felt that they were ready to offer a solution or guidance to customers in meeting increasing cybersecurity regulations, such as the NIS2 directive, the EU AI Act and the Digital Operational Resilience Act.
When asked which measures MSPs believe are the most likely to help improve cyber confidence, three were identified above the others:
• Continuous monitoring (51 per cent).
• Employee cybersecurity training (51 per cent).
• Proactive risk management (48 per cent).