Security teams are under constant pressure to move faster without giving up control, but in many organizations, access requests, approvals and credential workflows still live outside
Managed service providers have never had more influence over their customers’ security outcomes. Every day, MSPs make decisions that affect how organizations authenticate users, secure privileged access, recover from ransomware, manage sensitive data and defend against the latest cyber threats. Their managed companies continue to rely on those decisions as they generally lack the internal resources to evaluate them.
That trust creates tremendous value. And it also creates heightened accountability.
For years, MSPs primarily assessed vendors based on functionality, integration capabilities, ease of deployment and support. Security was definitely a consideration, but often one of many factors influencing a new purchasing decision. Today, the stakes are different.
Cyber attacks have become more costly, threat actors are more sophisticated and small and medium-sized businesses are facing increasing pressure from regulators and insurers to demonstrate effective cybersecurity practices.
At the same time, organizations impacted by cyber incidents are examining not only how attackers gained access, but whether trusted vendors did their due diligence to help prevent it. The implications are clear: Choosing technology partners has become much more than a procurement decision. It is now shaped by security requirements, business outcomes and risk-management priorities.
Every security vendor an MSP introduces becomes part of that customer’s defense strategy. Every password manager, backup solution, remote access platform, identity provider and privileged access tool is another layer of trust. When those technologies perform as expected, they help organizations reduce risk. When they fail, the consequences can be severe.
For MSPs managing dozens or even hundreds of client environments, selecting the right technology partners may be one of the most important security decisions they can make.
The unique cybersecurity risks MSPs face
Modern attackers don’t just look for vulnerabilities; they look for force multipliers. Rather than targeting organizations one at a time, many threat actors pursue trusted relationships that can provide access to many downstream environments. And MSPs represent that exact type of opportunity.
A typical MSP may manage infrastructure, identities, endpoints, backup systems, remote access tools and security controls across dozens or hundreds of customer environments. Compromising a service provider can create consequences that extend far beyond a single organization.
According to Verizon’s 2025 Data Breach Investigations Report, third-party involvement in breaches doubled to 30%, while credential abuse remained one of the leading initial access vectors at 22%. Meanwhile, IBM’s 2025 Cost of a Data Breach Report found that the average U.S. data breach now costs $10.22 million. For MSPs responsible for protecting distinct client environments, these trends underscore the growing need for vendor due diligence, identity security and privileged access controls.
Taken together, these findings highlight a reality MSPs understand well: Attackers don’t always break in. A lot of the time, they just log in.
Because MSPs sit at the center of so many trusted relationships, the security posture of every vendor in the stack matters. Whether a weakness exists in a backup platform, remote access solution or identity management system, the downstream impact can extend across countless client environments.
The larger the customer base, the greater the consequences.
What recent cybersecurity lawsuits mean for MSP accountability
Perhaps the most significant shift in cybersecurity is that organizations are increasingly examining who should be held accountable after a breach. Greater emphasis is being placed on whether reasonable security controls were in place before an attack. And that scrutiny is extending beyond threat actors and reaching the vendors, consultants and service providers hired to protect these environments.
There are several recent cases that illustrate this movement.
As reported by CSO Online, Clorox is seeking approximately $380 million in damages from Cognizant. Clorox claims that failures involving identity verification and credential reset procedures contributed to a cyber attack that significantly disrupted operations.
What makes this case stand out is that the allegations focus on identity verification rather than sophisticated technical exploits. The complaint centers on whether appropriate measures were in place to accurately verify users before granting access. Despite the complexity of modern cybersecurity, a simple breakdown in identity verification may have created an ideal opportunity for the attack.
The MSP community has also witnessed litigation that directly involved service providers and their technology partners. According to an article by ChannelE2E, the Sacramento-based law firm Mastagni Holstedt sued both its MSP, LanTech, and its backup vendor, Acronis, following a devastating ransomware incident. The lawsuit sought more than $1 million in damages, raising concerns about the technologies and recovery capabilities deployed.
Whether the defendants ultimately prevail is not the key takeaway. The more relevant point is that the lawsuit was filed at all. The end client didn’t simply focus on the attackers. Instead, the law firm took a deeper look at the organizations entrusted with helping prevent and recover from the incident. Reinforcing the trend, BleepingComputer reported that Marquis Software Solutions sued SonicWall after a ransomware incident allegedly linked to a compromise of backup appliances.
Taken individually, these cases involve distinct technologies, industries and circumstances. Collectively, though, they share a recurring theme: Organizations expect the vendors and service providers they trust to prove that effective security measures were in place before any incident. Keeper’s General Counsel, David Oskin, reaffirms:
The legal and regulatory environment for MSPs has become increasingly complex, elevating the importance of litigation preparedness and risk management.
While details from each allegation differ, they all revolve around trust. More importantly, the underlying question remains: Could these providers have done more to reduce risk for their clients?
Organizations rely on vendors to protect sensitive data. They trust service providers to implement necessary safeguards. They trust security technologies to perform as expected during a crisis. When that trust is broken, every decision that contributed to the organization’s security posture comes under scrutiny.
Why identity security comes first for MSPs
One reason the Clorox case attracted so much attention is that it illuminates a broader industry challenge: Identity has become the primary battleground in cybersecurity.
For a long time, organizations focused heavily on perimeter defenses designed to keep attackers out. Modern threat actors have adapted in recent years. Instead of attempting to bypass security controls directly, they often target the identities that control access to those systems, including but not limited to credentials, privileged accounts, authentication workflows, help desk procedures and access tokens.
When attackers gain access to a trusted identity, they can freely move throughout an environment using legitimate tools and privileges. This helps explain why credential theft, phishing, social engineering and privilege abuse remain among the most common attack techniques observed across industries.
For MSPs, the challenge is amplified. Managing hundreds of customer environments means managing thousands of identities, privileged accounts and authentication events. And every shared administrator credential, unmanaged secret and weak authentication process increases the level of risk.
The organizations that successfully minimize risk are usually the same ones that prioritize identity as a foundational security control versus a standalone tool.
How MSPs should evaluate vendors
Modern cyber threats require MSPs to evaluate vendors more critically and through a security lens. Product features, support quality and ease of deployment all remain crucial components. But security architecture deserves greater consideration.
Before adding a new solution to their stack, MSPs should find out:
-
How is access protected?
- Does the solution support multi-factor authentication?
- How are privileged accounts secured and secrets managed?
-
Does the architecture follow zero-trust principles?
- Can access be restricted based on least privilege?
- Are administrative actions controlled and monitored?
-
Has security been independently validated?
- Does the vendor maintain recognized security certifications?
- Have independent audits been conducted?
-
What does the vendor’s recovery process look like?
- How quickly are security issues addressed?
- How transparent is the organization about incidents?
-
How is customer data protected?
- What encryption standards are used?
- What controls exist to prevent unauthorized access?
Ultimately, the answers to these questions separate vendors that simply market security and those that build it into their solutions, architecture and operations.
Why security architecture matters when choosing MSP vendors
The common thread running through today’s most damaging cyber attacks, and much of the scrutiny that follows, is access. For MSPs, that makes identity security a core factor when choosing technology partners.
Keeper® was built to protect the credentials, privileged accounts and identities attackers target most often. Through its zero-knowledge security architecture, enterprise password management, privileged access management, secrets management and endpoint privilege management capabilities, Keeper helps organizations minimize identity-based risk before attackers can exploit it.
For MSPs, that means greater visibility into privileged access, stronger protection for credentials and more confidence that they’re recommending a platform designed to help protect every customer environment they manage.
A higher standard for vendor selection
Every vendor an MSP introduces becomes an extension of its own security strategy. Customers may never know why a particular solution was chosen, but they’ll certainly experience the consequences if that choice falls short.
In an era of growing cyber risk, vendor selection isn’t just about comparing features, pricing or ease of deployment. It’s about picking partners with the security architecture, identity protections and operational maturity needed to withstand modern cyber threats.
As those threats evolve and accountability grows, the vendors MSPs select will help determine the resilience of every client environment they manage.
Start your free trial of KeeperMSP® today to leverage a platform with robust zero-knowledge encryption and advanced security features built to protect your clients.