The cybersecurity channel is thriving. Security managed services revenue alone will grow 15% annually in 2025, according to technology market analyst firm Canalys.
However, the landscape in which value-added resellers (VARs), distributors, managed security service providers (MSSPs) and others operate is also changing.
Against a backdrop of new regulations, threat actor innovation and advances in AI and IT infrastructure, challenges and opportunities are everywhere.
CISOs wanting to harness the skills, expertise and resources of the channel must understand how the market is likely to evolve in 2025.
Infosecurity Europe will host a new Channel Zone at the 2025 event. Click here to find out more.
IT Infrastructure and Threat Trends Drive Cybersecurity Spending Through the Channel
In many ways, the IT channel is the cybersecurity industry. In Q2 2024, for example, security spending via the channel accounted for 91% of total spend, according to Canalys.
Ultimately, where this spend happens is influenced by two key factors: threat actor behavior and the type of IT infrastructure and services deployed by end-user organizations.
Threat actors continue to innovate thanks to AI tools, infostealer malware and the aid of their peers. According to a recent report by ReliaQuest, the average breakout time post-exploitation has plummeted over the past year to just 48 minutes.
That was helped in part by novel intrusion techniques such as vishing-based IT impersonation, as well as “ransomware assembly lines” where separate affiliates handle different stages of an attack chain.
The same ReliaQuest report warns that adversaries are getting better at using generative AI (GenAI) to automate reconnaissance of targets, detect vulnerabilities faster and adapt their exploitation techniques dynamically, depending on corporate defenses.
Then there are the IT environments they are targeting. As digital transformation continues apace, the attack surface is growing – expanding particularly across distributed cloud and AI services.
AI is a fast-growing attack surface all of its own, which could include everything from large language models (LLMs) and the platforms that host them (like Ollama), to vector databases and other open source components. Many of these are riddled with vulnerabilities and misconfigurations, exposing them to attack.
Trends Shaping the Channel
According to Forrester VP and principal analyst Jeff Pollard, the shift to cloud is having a profound impact on the channel.
“Marketplaces, platforms and cloud are the primary disrupting factors for IT security channel businesses today,” he told Infosecurity. “If I’m in the cloud, and deploying new technologies is as easy as prebuilt API integrations that I can subscribe to via a marketplace, then I can cut out the channel partner completely and buy through an app store or marketplace.”
Channel players are also affected by the same economic pressures impacting their customers, added Christina Decker, director of strategic channels, Europe, Trend Micro.
“The IT channel is navigating economic uncertainties, including high borrowing costs and escalating cybersecurity threats.”
“The IT channel is navigating economic uncertainties, including high borrowing costs and escalating cybersecurity threats,” she told Infosecurity. “These factors impact profitability and require strategic adjustments to maintain competitiveness.”
Additionally, there is the challenge, but also opportunity, that comes from growing compliance mandates.
“The launch of new regulations such as NIS2 adds complexity, especially for SMBs, which will then look to their channel partners to articulate the changes and what this means for them as a business,” said Joe Turner, global director of research at analyst Context.
In fact, the SMB market is the biggest current growth area for the cybersecurity channel, he told Infosecurity.
“Channel partners are positioned perfectly to be able to support SMBs,” he said. “They often do not have the resources for an in-house team managing their cybersecurity infrastructure and therefore require a partner to consult and recommend on the best solutions to fit their challenges,” Turner said.
How the Channel is Evolving
The channel is reacting to these trends in a variety of ways. For one, its businesses are looking to diversity their portfolio of services into areas like extended detection and response (XDR), Zero Trust and compliance services, said Turner.
Context figures shared with Infosecurity revealed XDR services sold through the channel grew 64% annually in 2024.
Forrester’s Pollard said that many MSSPs are getting into the managed detection and response (MDR) space to meet a growing demand for ransomware mitigation.
“It’s a higher value, margin and growth service compared to legacy MSSP-style services with strong customer retention,” he explained.
Meanwhile, anti-virus, multi-factor authentication (MFA) and endpoint detection and response (EDR) are becoming saturated, according to Canalys.
Alongside MDR/XDR and Zero Trust, other growth areas include secure access service edge (SASE), anti-data exfiltration (ADX), SaaS monitoring and backup, password management, DNS protection, content filtering, and DMARC for email security.
Channel Opportunities in AI and Training
According to Canalys chief analyst, Matthew Ball, there are major opportunities for channel players to secure AI infrastructure and models, and offer AI-powered security products and services.
“Cybersecurity is a key use case for early GenAI adopters, which focus on three areas. Threat detection and prevention – using it to detect anomalies in network traffic and user behavior – incident response, and SOC analyst enablement,” he told Infosecurity.
Ball said the biggest opportunity for agentic AI is within SOC analyst enablement – using AI to automate highly repetitive tasks and for adaptive training.
As well as increasing their own capabilities and expertise in specific fast-growing areas of the cybersecurity market, channel players are also looking to add value, and grow profits, by training customers.
“There is a big push on education and training of end-customer employees, typically included as part of certain managed services,” said Context’s Turner. “Regular workshops or webinars help them understand what the emerging threats are, how to better protect themselves and what the latest compliance regulations are that are coming into play and what that might mean for their business.”
Changing Business Models
A shifting economic and technology landscape is also forcing some channel players to reevaluate their business model altogether.
“The need to develop their own platforms rather than rely on technology partners is another trend emerging,” said Forrester’s Pollard. “So instead of building a service that sits on top of partner technology, these companies are building their own platforms that provide value for customers directly.”
Meanwhile, others are considering M&A activity. Canalys claimed this was subdued last year due to political and economic uncertainty but will likely bounce back in 2025 with managed service providers (MSPs) making acquisitions in the MDR and XDR space.
Finding a Trusted Partner
All this change should be good news for CISOs, as it means the channel industry is adapting to better serve the needs of its end customers.
Another example is certifications, which Canalys expects more MSPs to overhaul in 2025. By turning to industry-wide frameworks like the UK government-backed Cyber Essentials Plus and the Pentagon’s Cybersecurity Maturity Model Certification (CMMC), MSPs will be able to get recognized by vendors in a more cost and time-effective manner.
CISOs looking for trusted partners would be well advised to look out for such badges of assurance and trust. But above all, it’s about finding a true partner rather than one that views each customer in purely transactional terms, said Forrester’s Pollard.
“Make sure your channel partner is working best for you, not just working the best incentives. Find a partner that will articulate clearly which technologies they prefer, why they prefer those technologies, how long they’ve worked with them, and how many implementations they’ve performed for clients based on that technology,” he concluded.
“Make sure the channel company is transparent and talks about the pros and cons of what they are recommending.”