First-of-its-kind compliance benchmarking report reveals Managed Service and Security Providers lack ​​the knowledge, technology and resources to fully capitalize on continuous compliance as a revenue opportunity – even as growth expectations surge

ATLANTA: Apptega, an industry-leading end-to-end cybersecurity compliance platform company, unveiled the findings of its inaugural “State of Continuous Compliance Report,” which offers insight into the compliance trends, challenges, and opportunities that managed service and security providers face today. Amid a rapidly evolving business landscape, this report serves as a roadmap for these providers to improve business growth and revenue in a competitive market.

The report found that 85% of providers face “significant challenges” maintaining compliance for customers, with lack of resources, expertise, or technology cited as the most common roadblocks to offering managed compliance. That being said, the survey also found that 87% of respondents are open to delivering compliance services through a compliance automation platform, but only about half of these providers are currently doing so. When considering that 70% of managed service and security providers are targeting at least double-digit recurring revenue growth, it’s clear they are leaving money on the table when it comes to leveraging their compliance offerings to help meet aggressive business growth goals.

“A golden era of seemingly unfettered growth in managed services is slowly coming to an end in 2024 as we now appear to be entering a phase of consolidation, M&A, and private equity-backed rollup where only the strong balance sheets will survive and only the differentiated will thrive — or successfully exit,” said Dave Colesante, CEO at Apptega. “Our new report paints a clear picture: In a cutthroat environment where recurring revenue and margin growth is at a premium, continuous compliance services represent a lucrative opportunity.”

Apptega’s survey revealed the following key findings on the current state of compliance among managed service and security providers:

• Security providers have a managed compliance gap: While 80% of the surveyed providers provide some form of compliance offering, many only offer compliance in an advisory capacity and only 15% offer compliance primarily as a managed service.
• Compliance represents a disproportionately small percentage of overall business and revenue: While providers recognize the benefits of continuous compliance and are interested in offering the service, nearly half receive less than 10% of their revenue from compliance services and only 26% generate more than a quarter of their revenue from compliance services.
• Security providers view compliance as a high-growth opportunity: 3 out of 4 respondents view compliance as a “high growth” business and 86% are interested in continuous compliance as a service offering for their clients.
• Security providers still rely on spreadsheets to track compliance: Although using spreadsheets to manage cybersecurity compliance is an outdated approach, more than half of providers are still using spreadsheets to track, measure, and report on cybersecurity compliance for their clients.

“Clearly, managed compliance represents a lucrative opportunity for the relative few services and security providers equipped to offer it,” said Christopher Yula, VP of Sales & Strategy at CyberSecOp. “Unfortunately, most lack the technology, resources and know-how to deliver an impactful assessment and follow-on program. At CyberSecOp, we've partnered with Apptega to go to market with a differentiated continuous compliance offering that allows our world-class security expertise to shine."

Other interesting findings from the report include:

• Smaller providers are more likely to offer compliance services: Those with fewer than 100 employees offer compliance at a rate 8% higher than those with more than 100 employees. They outnumber the larger providers by 26% for managed compliance services.
• Security providers fall behind in offering framework-based services: Cybersecurity frameworks are a crucial tool for helping organizations evaluate their security postures and meet compliance standards, but nearly 40% of respondents said they don’t offer framework-based services. Of the ones who do, 90% are providing consulting and analysis, 81% provide risk scoring and remediation, and 70% are providing framework mapping, consolidation, and crosswalking.
• ISO 42001 ranks among least offered frameworks: ISO 42001 — the new artificial intelligence management system standard — is currently managed by only 19% of security providers offering framework services (12% of all providers). The most common frameworks among the 61% of security providers offering these services include CMMC, HIPAA, and NIST 800-171.

The State of Continuous Compliance Report is based on a survey from March to May of 2024 of practice leaders and senior operators at 115 providers that offer security services. Apptega’s findings illustrate how managed service and security providers can realize new business opportunities and go to market more effectively with lucrative security and compliance solutions. To learn more about the report and download a full copy, please visit this page.

About Apptega

A perennial G2 leader across various risk management categories, Apptega is the end-to-end cybersecurity compliance platform that security-focused IT providers and in-house teams use to build and manage cybersecurity compliance programs simply, quickly, and affordably. It’s trusted by hundreds of MSSPs, MDR companies, and security-focused MSPs that are growing lucrative compliance practices, creating stickier customer relationships, and winning more business from competitors. To learn more, visit apptega.com.

Fonte: Business Wire