RESEARCH
How MSPs Can Lead Clients Through CMMC Implementation
Introduction With the Department of War (née Department of Defense)’s Implementation of CMMC 2.0 now set to begin on November 10, 2025, MSPs have a strategic window to position themselves as trusted cybersecurity and compliance partners. Many of your existing ...
Cyber Compliance
New California Audit Law Just Put Your MSP on the Hook. Here’s How to Turn It Into Recurring Revenue
If your clients process sensitive data, your MSP is now part of the legal conversation. On July 24, 2025, California finalized new rules that require businesses processing high-risk personal information to undergo annual, independent cybersecurity audits. This isn’t just for ...
Why You Might Want to Reconsider Your WISP for Every Single Client
Why This Isn’t Just About Checking a Compliance Box If you’re running an MSP, you’ve probably heard about Written Information Security Plans (WISPs). Maybe you’ve even created one—for certain clients, in certain industries, under certain regulations. But here’s the question: ...
The Dangerous Compliance Shortcut That Could Put Your MSP on the Hook for Negligence
Imagine sitting across from your best client. They tell you they’ve found a company that can build out their entire HIPAA compliance program in under three days. No heavy lifting. Fully automated. ...
Cyber Liability
You’re Using Your Smartest Engineer Wrong (And So Are Your Clients)
What if I told you that you’re misusing the most powerful engineer on your team? No, not Josh. Not the guy with the beard who still thinks ZFS is the answer to everything. I’m talking about AI. And right now? ...
What a New Lawsuit Can Teach Us About Cyber Liability and Documentation
When a cyber insurance provider sues vendors after a ransomware incident, it’s not just about fault—it’s about proof. In Ace American Insurance Co. v. Congruity 360 and Trustwave, we see how courts allocate responsibility—and why the side with the best ...
Why Plaintiff Attorneys Are Watching Your Breaches—And Why You Can’t Hide
Managed Service Providers (MSPs) sit at the heart of their clients’ IT and cybersecurity. But when it comes to data breaches, MSPs often underestimate who’s paying attention. It’s not just regulators and customers—it’s also plaintiff attorneys eager to file class-action ...
Insurance & MSP Liability
You’re Not Insured. You’re Just Hopeful.
So there I am, wrapping up a conference session—over 1,000 MSPs in the building—and one guy comes up clutching a fresh copy of Standardized like it’s a fire extinguisher in a server room. He’s nodding along, clearly rattled in all ...
Your MSP Carries More Risk Than a Magazine Stand—and That’s a Problem
Let’s talk about airport gift shops for a minute. You know the ones—tiny kiosks with $14 neck pillows, expired jerky, and three copies of Men’s Health no one’s ever going to read. Now, tell me—how much sensitive data do you ...
If You Don’t Own the Security Stack, You’ll Be Replaced
There’s a quiet shift happening in the cyber insurance world—and if you’re not talking to your clients about it, someone else is. That someone is their insurance provider. And they’re not just selling policies anymore. They’re selling cybersecurity solutions too. ...
More Articles
The Ice Cream That Cost Him a Client (And Made Him Thousands)
I was having an ice cream cone with the owner of an MSP recently. Yes—ice cream. I’m a fan. Anyway, we’re talking shop, and he drops this bomb on me: “Bruce, your team ran a pen test on one of ...
WARNING: Why Your Clients’ AI Habits Could Become YOUR Legal Nightmare
If you think AI tools like ChatGPT are harmless for your clients, think again. Last week, Sam Altman—the CEO of OpenAI—publicly warned that conversations with ChatGPT are not covered under legal privilege. People using ChatGPT as a “therapist” or “confidant” ...
Stop Handing Hackers the Keys: Why CVSS 8.2 Credential Leaks Just Made Legacy Scanning Obsolete
When two high-risk CVEs (CVE-2025-32353 and CVE-2025-32354) hit last week, the message was loud and clear: the way most MSPs perform security assessments is no longer just outdated—it’s risky. These vulnerabilities revealed that some widely used scanning tools store administrative ...
Tribal Knowledge Will Sink Your MSP: Why “Sorta Documented” Is a Lawsuit Waiting to Happen
There is a silent killer inside most MSPs. It is not ransomware. It is not an unpatched firewall. It is not even a missed backup. It is tribal knowledge. Walk into any MSP and you will see the same thing. ...
Business Risks in 2025: When Tools Fail, What’s Next
Meta Description (≈155 characters): Every tool your business relies on can fail. In 2025, risk assessments and planning for disruptions are essential to protect revenue and reputation. In business, tools are everywhere. They are the systems, services, and partnerships we ...
Is Your Business Ready to Defend Its Cybersecurity Program?
You probably think your business is covered when it comes to cybersecurity. You’ve got IT support. You have tools in place. You’re investing in the right software. But if a regulator, auditor, insurer—or worse, a lawyer—asked you tomorrow to prove ...
Your PSA Won’t Save You From a Breach
I had dinner the other night with one of our partners. Great guy. Smart. Ambitious. Doing all the right things to grow his MSP… except one. He’s rebuilding his PSA. And his RMM. At the same time. Which sounds productive—until ...
Cyber Disasters Are Coming—Will Your Clients Be Ready?
Before the Guadalupe River surged 33 feet in Texas this past July, the alerts were already out. Phones buzzed. Radios screamed. ...
Who’s Going to Pay When the Lawyers Show Up? (Hint: Probably You)
Look, I’ll make this simple. You didn’t build your MSP so some lawyer could come along and tear it to pieces. Or so some regulator could slap you with fines that would make your next quarterly tax bill look like ...
Your Guest Users Could Be Your Biggest Threat—Here’s Why
Collaboration is the heartbeat of your business. It’s how deals get done, how partners stay aligned, and how you keep growth on track. But the same tools that let you collaborate might also be the fastest way to burn your ...
Why Smart CEOs & CFOs Document Every Tech Decision
What’s the cheapest, most effective way to protect your business from a cyber disaster, insurance denial, or legal attack? Write stuff down. Seriously. If you're making decisions about IT security, risk, or compliance—and especially when you're turning down recommendations—documenting the ...
The Day They Found Out Their Insurance Was Useless
It happened again. Last Monday morning, 7:44 AM. The office lights flicked on, the smell of burnt coffee filled the breakroom—and every single computer screen was black. Everything was locked down by ransomware. Hackers had another successful weekend. They did ...
