Europe's Vulnerability Database Launches as U.S. Cybersecurity Falters; AI Adoption Trends Revealed

[00:00:02] It's Tuesday, May 14th, 2025 and I'm Dave Sobel. Four things to know today. Europe launches its own vulnerability database as U.S. Cyber's transparency is faltering. Executives pushing towards autonomous AI but delivery lags. MSP focused tools rolling out across security, finance, and vendor opportunities. And Gardner urges smarter, not faster, patching strategies. This is the Business of Tech.

[00:00:28] The European Vulnerability Database, or EUVD, is now fully operational, providing a crucial platform for monitoring critical security flaws at a time when the United States faces significant challenges in its cybersecurity funding and management. The database aims to enhance transparency and provide essential information on vulnerabilities, as stated by the Executive Director of the European Union Agency for Cybersecurity.

[00:00:54] Launched following a mandate from the EU's Network and Information Security Directive, the EUVD is designed to address the gaps left by the United States' Common Vulnerabilities and Exposures Program, which has struggled with budget cuts and operational delays. The EUVD not only identifies disclosed bugs, but also provides real-time updates and highlights critical vulnerabilities, ensuring that users have access to the latest information on security risks. This initiative comes in a

[00:01:24] response to the response to the growing concerns about the effectiveness of the U.S. The EUVD represents a significant step in improving vulnerability management within the European Union, offering a contrast to the ongoing issues faced by the U.S. system. Why do we care? Why do we care?

[00:01:51] Well, the launch of the European Vulnerability Database matters because it highlights a strategic divergence in cybersecurity posture between the EU and the U.S., one that may have direct implications for MSPs, IT service providers, and their customers. If U.S.

[00:02:06] If U.S. vulnerability reporting continues to deteriorate, we could see global security tooling and threat feeds pivot toward EUVD as a primary source. For providers, this would mean re-evaluating the sources powering threat detection and patch prioritization, particularly if vendor feeds begin integrating EUVD more directly.

[00:02:26] Now, tooling and integration still lag. CVE is deeply embedded in scanners, SIMs, and vulnerability management platforms. It will take time and vendor cooperation for EUVD to see wide adoption. If EUVD simply duplicates CVE data for now, its value may be marginal unless it consistently offers faster, more accurate, or exclusive disclosures.

[00:02:49] The EUVD represents a strategic investment in security visibility just as the U.S. is visibly retreating from transparency. This has practical implications for MSPs. Expect shifting best practices in patch management, compliance frameworks, and reporting standards. Staying CVE only may soon look like standing still.

[00:03:10] If the EU can centralize, update, and disclose in near real-time, why can't the U.S.? And how long will customers accept that answer? This episode is supported by AFI.AI, MSP-focused backup reliable at petabyte scale. AFI.AI delivers intelligent backup for Microsoft 365, Azure, Google Workspace, Kubernetes, and AWS.

[00:03:38] Its AI engine is designed to detect threats and act before damage is done. It performs preemptive backups during ransomware attacks where immutable snapshots ensure data integrity. AFI.AI is the only solution offering full-text search across backups. It also features single management portal to manage all clients and workloads, granular access roles, automated reporting, and APIs for integrations.

[00:04:06] Administrators can restore entire accounts or individual items with a single click, and cross-tenant recovery simplifies migrations between domains. With AFI.AI, organizations gain faster, more reliable protection and unparalleled visibility into their cloud data. Start your free trial at AFI.AI slash office-365-backup.

[00:04:29] Tech executives are rapidly adopting agentic artificial intelligence, with a recent survey revealing that nearly half of the respondents have already begun implementing such systems in their organizations. The Technology Pulse poll conducted by Ernest & Young found that about 50% of tech leaders anticipate their internal artificial intelligence operations will be fully autonomous within the next two years. The survey, which included over 500 technology leaders, indicated that 58% believe their organizations are ahead in AI adoption.

[00:04:59] However, Ernest & Young's America's Technology Sector Growth Leader, Ken Unglund, cautioned that these perceptions may not align with reality, suggesting that companies often overestimate their progress. Despite concerns about potential job losses due to AI, 84% of tech leaders plan to hire more staff in the next six months as they integrate new AI tools, with over half focusing on upskilling their current workforce.

[00:05:26] Notably, data privacy and security emerged as the top concerns for 49% of respondents, reflecting a growing awareness of the risks associated with AI deployment. Executives are heavily investing in artificial intelligence, yet a recent survey by IBM reveals that many are dissatisfied with the returns on those investments. Only 25% of the 2,000 CEOs surveyed reported that their AI initiatives met expectations, and just 16% have scaled AI across their entire organizations.

[00:05:55] Despite these challenges, a significant 85% of CEOs expect positive returns on their AI investments by 2027. However, communication around AI strategies remains weak, with only 15% of U.S. employees feeling their organizations have clearly articulated an AI strategy. As companies continue to invest tens of billions into AI, the path to profitability remains uncertain. And I wanted to share this example.

[00:06:22] AT&T has successfully developed a cost-effective open-source artificial intelligence system to categorize its annual 40 million customer service calls, significantly reducing reliance on expensive models like ChatGPT. The new system, which combines several smaller open-source models, now processes call summaries in under 5 hours, compared to the 15 hours required by the previous method.

[00:06:46] According to Hien Lam, a senior data scientist at AT&T, this innovative approach not only cuts costs by 65%, but also maintains a high accuracy rate of 91%. By using a combination of models tailored to specific tasks, AT&T aims to enhance customer service efficiency while safeguarding user data. Why do we care? Nearly half of tech executives say they're implementing agentic AI, and 50% expect full autonomy in two years.

[00:07:14] But contrast that with IBM's findings. Only 16% have achieved any significant scale. There's a disconnect between ambition and execution. And that's where IT service providers, especially those acting in a strategic role, can step in to bridge the gap between vision and real working systems. The AT&T example is the exception, not the rule. They customized smaller open-source models, targeted a defined problem, those 40 million service calls,

[00:07:42] and achieved a measurable ROI, 65% cost savings, and faster processing. This kind of focused, scope, and data-governed AI deployment is what most organizations lack, and what IT services firms can help deliver. Some interesting product-related news. Koro, a leading cybersecurity platform for SMBs, has launched its new security awareness training module to combat human error and enhance defenses against phishing attacks.

[00:08:09] The module is designed to integrate seamlessly into Koro's existing platform, allowing businesses to mitigate risks without the complexity of additional tools. The security awareness training module features personalized education that adapts to user behavior, providing targeted training based on individual weaknesses. Sophos has launched its MSP Elevate Business Acceleration Program, designed to help manage service providers, expand their cybersecurity offerings, and enhance customer defenses.

[00:08:36] The program includes benefits such as exclusive access to Sophos' managed detection and response service, discounted hardware bundles, and growth-based rebates. The Sophos MSP Elevate Program requires partners to commit to a minimum monthly spend over a 12-month period, and participants must first join the MSP Flex Program to offer Sophos solutions on a monthly billing basis.

[00:09:00] FlexPoint has successfully raised $12 million in Series A funding to enhance its business-to-business payments platform, designed for managed service providers and their small-to-midsize customers. This funding will allow FlexPoint to focus on product development and expand its partner program. Since its inception in March 2023, FlexPoint has amassed a total of $19.5 million in funding. The company's platform currently serves over 40,000 businesses aiming to automate payment processes for managed service providers,

[00:09:29] which traditionally rely on manual methods. Additionally, the company is integrating artificial intelligence into its services, enabling same-day payment processing by assessing transaction risks through advanced technology. StackPack, an intelligent vendor stack management platform, has raised $6.3 million in funding, led by Freestyle Capital, to help businesses manage their growing network of third-party vendors more effectively. The platform aims to tackle the chaos associated with vendor management,

[00:09:58] a $475 billion issue in the U.S. alone, where 25% of spending on third-party software and services goes unused. Founded by Sarah Wyman, a former executive at Etsy and a firm, StackPack provides finance and IT teams with a single source of truth for vendor information, utilizing artificial intelligence to track renewal dates and compliance gaps. The early team includes leaders from notable companies such as PayPal and Google,

[00:10:24] positioning StackPack to meet the increasing demand for automated vendor management solutions, as the number of vendors outpaces the number of employees at many organizations. Currently, StackPack manages over 10,500 vendors and $510 million in spending across more than 50 clients. Why do we care? This batch of product news gives us a directional pulse across key themes in IT services, automation of complexity, strategic enablement for partners,

[00:10:52] and the growing importance of AI-driven operational tools. MSPs need to move deeper into the operational guts of their clients' businesses, security culture, vendor oversight, and finance automation. Vendors are racing to equip MSPs not with just better tools, but with business capabilities that expand their relevance and stickiness. The opportunity is real, but success depends on smart curation, not chasing every shiny object. Strategic providers will win by integrating selectively,

[00:11:20] standardizing operations, and aligning solutions with client pain, not just feature lists. And an early big idea, and it's security-related. In a recent discussion at the Infrastructure Operations and Cloud Strategies Conference, Craig Lawson, Research Vice President at Gartner, suggested that organizations may not need to rush into implementing every security patch that becomes available. He emphasized that most companies struggle to keep up with patching efforts

[00:11:50] and may be misled into believing that accelerating patches is the solution to their security vulnerabilities. Lawson pointed out that only 8-9% of vulnerabilities are actively exploited by cybercriminals, who often target less critical flaws rather than the most severe issues. He noted that the overwhelming number of patches issued can lead to complications, as developers may release new patches for software components that are interdependent. This complexity can result in organizations facing more problems

[00:12:20] without a corresponding decrease in successful cyberattacks. Lawson advocates for a tailored approach that emphasizes collaboration across teams to prioritize patches based on actual security needs. Why do we care? Well, the patching treadmill is unsustainable, especially for resource-constrained environments. Lawson points out a real-world issue. Excessive patching can break dependencies, cause downtime, and distract from higher-priority threats.

[00:12:48] For MSPs juggling multiple stacks across client environments, the real risk is instability from uncoordinated patch application, not just unpatched flaws. Now, misused, this advice becomes an excuse for inaction. Lazy or under-resourced organizations may take don't patch everything to mean don't patch much. That's not Lawson's point. The takeaway is to patch smarter, not slower or less.

[00:13:19] Thanks for listening. Today is National Buttermilk Biscuit Day. Really, that's the only one I need to talk about. If you missed it on the weekend, I want to highlight the interview I had discussing the world of optimizing content for AI, sponsored by SysCloud. This new marketing angle is important to consider for you and your clients, and this interview gives specific guidance on how to implement. It's in your feed and on YouTube. The Business of Tech is written and produced by me, Dave Sobel,

[00:13:48] under ethics guidelines posted at businessof.tech. If you've enjoyed the show, make sure you've subscribed or followed on your favorite platform. It's free and helps directly. Give us a review, too. If you want to support the show, visit patreon.com slash msbradio, and you'll get access to content early. Or buy our Why Do We Care merch at businessof.tech. Have a question you want answered?

[00:14:14] We take listener questions, send them in, ideally as a voice memo or video, to question at mspradio.com. I answer listener questions live on our Wednesday live show on YouTube and LinkedIn. If you've got a comment or a thought on a story, put it in the comments if you're on YouTube, or reach out on LinkedIn if you're listening to the podcast. And if you want to advertise on the show, visit mspradio.com slash engage. Once again, thanks for listening,

[00:14:42] and I will talk to you again on our next episode. Part of the MSP Radio Network.