Economic pressures are increasingly relegating cybersecurity concerns to a lower priority for many small and medium-sized businesses (SMBs), as detailed in the findings of the CyberSmart MSP Survey 2026. The survey revealed that a substantial 46% of managed service provider (MSP) customers express greater concern over operational challenges, such as rising costs and inflation, than they do over cybersecurity risks. This is particularly alarming given the escalating frequency and sophistication of cyber threats.
Conducted by OnePoll, the 2026 survey included insights from 350 MSP leaders across the United Kingdom and Ireland. These leaders represent various industries and serve businesses ranging from one to over 250 employees. The results indicate worrying trends, especially the revelation that 75% of MSPs reported suffering at least one cybersecurity breach within the previous 12 months. Of those, 54% experienced two or more breaches, and nearly a third—32%—admitted to encountering three or more breaches during the same period. While this marks a decline from previous years, it underscores that repeat breaches are still alarmingly common, and MSPs continue to be high-value targets for cybercriminals.
For the second consecutive year, MSPs identified AI-driven threats as their leading security concern, with 49% of respondents highlighting this risk. In stark contrast, issues related to inflation and rising costs have surged in importance, moving from fifth place to third place among MSP concerns, now affecting 38% of respondents. This shift may be attributed to the geopolitical instability that has recently affected global markets, inflating energy prices and contributing to widespread economic uncertainty.
Moreover, the survey findings reveal a marked increase in the concern surrounding supply chain risks, which rose from seventh to sixth place among MSP priorities, jumping from 15% to 19%. This development likely reflects increased regulatory scrutiny due to the Cyber Security and Resilience Bill, compelling MSPs to reconsider their roles and responsibilities within the supply chain context.
A noteworthy 59% of MSPs believe that their customers are at greater risk now than they were 12 months ago. Recent data from the UK Government’s Cyber Security Breaches Survey 2025/6 corroborates this perspective, revealing that 46% of small businesses and 65% of medium-sized enterprises in the UK experienced at least one cyber breach or attack last year. The alarming statistics highlight the urgent need for enhanced cybersecurity measures.
The report illuminates the perceived threats faced by SMBs, with 46% of MSPs naming inflation and spiraling costs as the top perceived risk, even outranking traditional cybersecurity threats like ransomware (41%) and malware infections (41%), and emerging AI threats (37%). This trend suggests that for many organizations, immediate business pressures and financial stability are overshadowing both emerging and established cybersecurity concerns, indicating that economic conditions are now crucially shaping business resilience and operations.
Despite these pressing challenges, MSPs report that a substantial majority—87%—of their clients possess average or above-average levels of cybersecurity knowledge. Jamie Akhtar, CEO and Co-Founder of CyberSmart, remarked on the intertwining nature of cyber risk and economic strain, stating, "MSPs can no longer sell cybersecurity in isolation when rising costs dominate customer priorities. The real challenge has moved beyond the tech stack into liability, compliance, and accountability." He emphasized the importance of embedding security into everyday business operations and collaborating with trusted partners to ensure resilience without incurring additional complexity or costs.
Interestingly, the share of MSPs reporting increased scrutiny from customers fell from 77% in 2025 to 70% in 2026. This suggests that customer expectations regarding security may be stabilizing rather than continually intensifying. Furthermore, a significant portion of MSP customers—61%—are now looking for support with compliance requirements, prompting MSPs to ramp up investments in compliance and regulatory frameworks, rising from 64% to 72%.
As a result, MSPs are increasingly positioning themselves as not only providers of cybersecurity and IT infrastructure but also as essential managed compliance service partners. This shift aligns with evolving regulations and certifications, such as Cyber Essentials, which emphasize continual accountability for security practices. To better support their clientele, MSPs are prioritizing training (51%), continuous monitoring (46%), and proactive risk management (44%) in their strategic investments over the coming one to three years.
In summary, the findings from the CyberSmart MSP Survey 2026 highlight an urgent need for SMBs and MSPs alike to recalibrate their focus on cybersecurity in light of mounting economic pressures. As the threat landscape continues to evolve, it is imperative that businesses prioritize robust security measures while navigating the complexities of compliance and operational resilience.