Economic pressures are pushing cybersecurity down the priority list for many SMBs according to The CyberSmart MSP Survey 2026. Notably, 46% of MSP customers are more concerned about operational challenges such as rising costs and inflation than cybersecurity risks, despite increasing threats. Meanwhile, MSPs themselves identified AI-driven threats as their top security concern for the second consecutive year.
The 2026 research, conducted by OnePoll, features insights from 350 MSP leaders across the UK and Ireland, spanning a selection of industries and serving customers ranging from 1 to 250+ employees.
Worryingly, three quarters of MSPs admitted to suffering at least one breach in the last 12 months, with 54% reporting being breached two or more times and nearly a third (32%) of respondents admitting to experiencing three or more breaches. Although down on last year, this shows that repeat breaches are still concerningly commonplace and that MSPs remain a valuable target for cybercriminals.
MSPs ranked AI as the top threat facing their organisation for the second year in a row (49%). Notably, inflation and spiralling costs have jumped from 5th to 3rd place (38%) this year. Geopolitical instability may be a contributing factor to this, given its widespread impact on inflation, energy prices and overall economic uncertainty.
Additionally, supply chain risk has risen from 7th (15%) to 6th (19%) among MSPs’ top concerns. This shift likely reflects the growing focus introduced by the Cyber Security and Resilience Bill, which places greater scrutiny on MSPs’ role within the supply chain for the first time and is prompting many to reassess their position and responsibilities.
59% of MSPs feel that their customers are more at risk in the past 12 months than they previously were. This reflects recent data from the UK Government’s Cyber Security Breaches Survey 2025/6, which found that 46% of small and 65% of medium sized businesses in the UK had experienced at least one cyber breach or attack in the past year.
When it comes to threats facing customers, 46% of MSPs ranked inflation and spiralling costs as the top perceived threat. This ranked higher than ransomware or malware infections (41%), emerging AI threats (37%) and supply chain threats (25%). This suggests that for many organisations, day-to-day business pressures and financial stability are taking precedence over emerging or even established cyber threats, highlighting that business resilience is currently being shaped as much by economic conditions as by the cyber threat landscape.
However, MSPs suggest that the vast majority (87%) of their customers have average or above levels of cyber knowledge.
Jamie Akhtar, CEO and Co-Founder of CyberSmart, said: “Cyber risk and economic pressure are now inseparable. MSPs can no longer sell cybersecurity in isolation when rising costs dominate customer priorities. The real challenge has moved beyond the tech stack into liability, compliance and accountability. For SMEs, the key is embedding security into day-to-day operations and working with trusted partners to maintain resilience without adding unnecessary complexity or cost.”
The share of MSPs reporting increased scrutiny fell from 77% in 2025 to 70% in 2026, suggesting customer expectations are becoming more standardised. Rather than intensifying year-on-year, security scrutiny now appears to be stabilising as a baseline part of procurement, compliance and vendor oversight.
Interestingly, customer expectations of MSPs are changing too, with 61% of customers now expecting support with compliance requirements. In response to this, MSP investment in compliance and regulations has risen from 64% to 72%. MSPs are fast becoming managed compliance services, as well as cybersecurity and IT infrastructure partners.
This is unsurprising given that regulations and certifications, like Cyber Essentials, are changing in favour of keeping companies accountable for a continuous commitment to security. Subsequently, SMEs will likely turn to MSPs to help them maintain compliance and security standards throughout the year. To better support customers, MSPs are prioritising investments in training (51%), continuous monitoring (46%) and proactive risk management (44%) over the next one to three years.
