U.S. Cyber Policy Shift: MSPs Face New Threats, Talent Retention Challenges, and IPO Market Decline

[00:00:02] It's Tuesday, March 4th, 2025, and I'm Dave Sobel. Three things to know today. U.S. Cyber Policy is shifting and providers may need to step up as the government focus changes. IT service providers are hiring, but can they keep their new talent? And MSP platform IPOs? The market says no. Enable Stock Drop tells the story. This is the Business of Tech.

[00:00:28] In a significant policy reversal, U.S. Cyber Command has been ordered to halt all planning against Russia, including offensive digital actions, under the direction of Defense Secretary Pete Hedgett. This marks a dramatic change from the last decade, where Russia was consistently viewed as one of the top cybersecurity threats. According to reports from cybersecurity outlet The Record, three anonymous sources familiar with the situation confirmed the order, which reportedly does not be the case.

[00:00:57] will not affect the National Security Agency. As recent memos circulated within the Cybersecurity and Infrastructure Security Agency indicating new priorities, they notably omitted any mention of Russian threats, focusing instead on threats from China and other adversaries. Sources expressed concerns that the U.S. may be vulnerable with one stating, quote, people are saying Russia is winning, end quote. Meanwhile, the new Director of National Intelligence, Tulsi Gabbard, recently dismissed around 100 employees from the National Security Agency

[00:01:26] for misconduct, further complicating the landscape of U.S. Cybersecurity Agency for misconduct, further complicating the landscape of U.S. cybersecurity efforts. stating that any claims to the contrary are false and jeopardize national security.

[00:01:50] This comes after the allegations from The Guardian that CISA analysts were instructed not to report on Russian threats, which CISA refuted. Lawmakers from both parties have reacted strongly, with Senate Majority Leader Chuck Schumer criticizing the administration for potentially weakening the nation's cyber defenses against Russia amidst ongoing ransomware attacks attributed to Russian cybercriminals.

[00:02:12] The founder of the National Society of IT solution providers, Carl Palachuk, voiced strong objections to recent changes made by the Trump administration to the Cybersecurity and Infrastructure Security Agency. Speaking at the Exchange March 2020 event in Orlando, Florida, Palachuk emphasized four critical requests to reinstate CISA advisory committees, limit cuts to CISA that ensure user security, maintain the agency's focus on client safety,

[00:02:40] and prevent the transfer of CISA responsibilities to the Department of Transportation. Palachuk warned that the changes could compromise the security of technology users. He also highlighted the growing inevitability of federal and state regulation for solution providers, stating that current oversight is minimal. He urged industry participants to engage in the legislative process, suggesting that clearer guidelines are necessary for managed service providers and managed security service providers.

[00:03:07] Palachuk noted that about 20 states have already implemented privacy regulations impacting solution providers and their customers. He anticipates further regulations in the future, particularly regarding consumer rights in the era of artificial intelligence. Why do we care? I think Carl spelled out why we care. This all impacts the cybersecurity of customers. Consider for a moment this. You want to secure your customers, not sell them more tools.

[00:03:36] This is a real balance to strike. If federal policy shifts away from prioritizing Russia's cyber threats, the industry may have to adapt independently. From an IT service provider's perspective, the implications are twofold. First, if the government deprioritizes certain threats, MSPs and MSSPs may have to step in and fill the gap. Russian cyber criminal groups remain highly active. And if federal agencies scale back focus, private sector defenses may become even more critical.

[00:04:06] Second, regulatory changes are coming whether solution providers are ready or not. Palachuk is right. State-level privacy laws are already in play and more are inevitable. So what's the takeaway? If you're an IT service provider, be proactive. Stay ahead of threats, regardless of shifting government priorities, and engage with legislative processes that will shape how you do business. The days of passive compliance are over. Security and regulation are becoming defining factors in IT services.

[00:04:38] This episode is supported by Comet Backup. As IT providers, we've all been there. The phone rings. Your largest client is absolutely panicked. They need you to restore their data as soon as possible. That's where Comet Backup comes in. Comet is an all-in-one backup solution designed specifically for IT professionals. Whether you need to protect computers, servers, virtual environments, emails, or databases, Comet Backup empowers you to manage backups on your terms. You choose where the data is stored.

[00:05:06] Backup to local on-prem storage or any of the leading cloud providers. Visit CometBackup.com to start your free 30-day trial today. Get $100 free credit when you sign up with the promo code MSPRADIO. Comet Backup. The backup solution that MSPs trust. Service Leadership Incorporated, a ConnectWise company, has released its 2025 Annual IT Solution Provider Compensation Report.

[00:05:33] This report offers insights into compensation data and best practices. Key findings indicate that wage inflation peaked in 2022 but has since improved, with only a quarter of employees expected to receive top-level increases in 2025 compared to 2022. The report reveals that top-performing managed service providers provided lower compensation increases than their lowing performer counterparts in 2024.

[00:05:59] Additionally, remote work remains limited in the industry, with just under 10% of employees working fully remotely. Employees with 1-3 years of experience have a 3 times higher FTE churn rate compared to employees with 8 or more experiences. And Enable has released its second annual MSP Horizons Report in collaboration with Canalys, revealing a positive growth outlook for managed service providers.

[00:06:25] The report indicates that 59% of respondents expected to increase their overall revenue by 20% or more in 2025, while nearly 40% anticipate over 20% profit growth. Cybersecurity remains a critical focus, with 90% of respondents predicting sales growth in that area. AI adoption is maturing with more attention to governance and risk management. Only 6% of respondents are not using any generative AI.

[00:06:50] 40% have generated data governance rules and designed guidelines for human oversight. The biggest AI use cases are for building workflow automations and automating the sales and ticketing process. 90% of those surveyed are interested in M&A, with specific growth tactics, acquiring new skills and or regions, the main motivator, up from 44% last year. M&A drivers include the determination to improve competitiveness via expansion in new regions, verticals, or other niches.

[00:07:20] Now why do we care? The high churn rate for employees with 1-3 years of experience is a flashing red light. It suggests that MSPs struggle to retain early career talent, reinforcing the need for better onboarding, career progression paths, and cultural investments. Given the limited role of remote work in IT services, it also underscores that MSPs must compete on workplace environment and benefits, not just salaries.

[00:07:46] Retention, compensation, and training strategies should be a top focus, especially for early career hires. Growth won't just come from adding services. It'll require differentiation, particularly in cybersecurity and AI governance. 90% considering acquisitions is staggering. This signals that providers who aren't growing organically may look for partners or acquisition targets.

[00:08:10] If you're not thinking about how M&A affects your positioning, you should be, even if you aren't a buyer or seller. Even mid-sized and smaller MSPs need an M&A strategy, whether it's being acquired, merging, or defending market position. And speaking of Enable, they had their earnings call. Enable CEO John Pagliuca reported a 7% year-over-year revenue growth in the fourth quarter of 2024, reaching $116.5 million.

[00:08:40] The company has successfully transitioned over 50% of its revenue to annual contracts. The integration of the AdLumen acquisition is expected to strengthen security and endpoint management services. The revenue growth is a year-over-year growth of 7.5%. For the full year, Enable generated a total revenue of $466.1 million, exceeding estimates and reflecting a 10.5% increase from the previous year.

[00:09:07] The company also ended the year with an annual recurring revenue of $482.5 million, showcasing an 8.6% growth. Despite strong revenue growth, Enable reported a net income of $3.3 million for the quarter, down significantly from $9.4 million the previous year.

[00:09:27] Enable saw its stock price plummet by over 25%, dropping $2.56 to trade at $7.43, hitting a new 52-week low on Monday. Enable shares have fluctuated between $7.11 and $15.48 over the past year. In response, several analysts adjusted their price targets for the stock, with Royal Bank of Canada lowering its target from $50 to $12. BMO Capital has lowered the price target to $8.50.

[00:09:56] Enable has a market capitalization of approximately $1.34 billion and a price-to-earnings ratio of $36. Why do we care? Disclosure, I'm an Enable shareholder. Although I do predict they will go private. Profits down. But here's why they care. Providers keep talking about MSP software companies targeting an IPO, in particular Kaseya. This is fantasy.

[00:10:22] The market is rejecting MSP businesses and has done so even when the market is good, i.e. Datto. Enable isn't making a strong case for them. The idea that MSP-focused software companies are IPO material is wishful thinking at best. Enable's numbers aren't bad. They beat revenue expectations and are shifting toward annual contracts for more predictable cash flow. But the market still hammered them with a 25% stock drop and major analyst downgrades.

[00:10:51] The real story here is that profitability isn't where it needs to be for public markets to see value. If you're an MSP wondering where the next big wave of innovation will come from, it's not from public market-driven competition. It's from private equity consolidation and cost-cutting. The real trend is going private. Private ownership allows these companies to focus on squeezing more revenue out of existing customers rather than chasing new public investors. The dream of an MSP software IPO resurgence is dead.

[00:11:20] MSPs should be focusing on resilience, vendor risk management, and strategic alignment with companies that actually prioritize service providers, not just investor returns. This episode is supported by Flexpoint. Flexpoint offers a purpose-built payment solution from managed service providers, automating billing operations to enhance efficiency and cash flow.

[00:11:43] With features like accounts receivable automation, branded client portals, and secure same-day payments, Flexpoint streamlines financial management. Integrations with accounting software such as QuickBooks and Xero, as well as professional services automation tools like ConnectWise and Autotask, ensure seamless data synchronization. Experience improved cash flow and client satisfaction with Flexpoint's comprehensive platform.

[00:12:08] Learn more at getflexpoint.com slash msp-radio. Thanks for listening. Today is National Grammar Day. I do like that one. I make sure to use grammar even in my texting. It's also International Game Master Day. If you know, you know. Nerdy Ocon will be held in Palm Springs, California from April 7th through 9th. Visit nerdyocon.com to learn all about it.

[00:12:34] The Business of Tech is written and produced by me, Dave Sobel, under ethics guidelines posted at businessof.tech. If you've enjoyed the show, make sure you've subscribed or followed on your favorite platform. It's free and helps directly. Give us a review, too. If you want to support the show, visit patreon.com slash msp-radio and you'll get access to content early. Or buy our Why Do We Care merch at businessof.tech.

[00:13:03] Have a question you want answered? We take listener questions, send them in, ideally as a voice memo or video to question at msp-radio.com. I answer listener questions live on our Wednesday live show on YouTube and LinkedIn. If you've got a comment or a thought on a story, put it in the comments if you're on YouTube or reach out on LinkedIn if you're listening to the podcast. And if you want to advertise on the show, visit mspradio.com slash engage.

[00:13:31] Once again, thanks for listening and I will talk to you again on our next episode. Part of the MSP Radio Network.