Why MSSPs must train smarter
Briefly

"Managed security service providers (MSSPs) are a vital part of the cybersecurity ecosystem, often serving as the first, and sometimes the only, line of defense across multiple clients. Their role is also growing in importance, largely due to the persistent global skills shortage. However, new benchmarking data reveals blind spots that could limit their strategic value. Hack The Box's Global Cyber Skills Benchmark 2025 analyzed nearly 800 teams and more than 4,500 participants worldwide."
"While MSSP teams performed strongly in OSINT (64.5%) and forensics (62.8%), they lagged in preventive and offensive disciplines such as secure coding (18.7%), web security (21.1%), and adversary emulation. The results, which were mapped to the MITRE ATT&CK framework, show a clear imbalance. Although MSSPs are great at detection and response, they are falling short in prevention and protection. Detection is obviously an essential skill, but it's reactive only."
"The MSSP operating model generally includes standardised tooling, multitenant platforms, and is built for speed and efficiency, but it lacks depth. The problem is that detection scales easily, while prevention needs context-specific expertise and secure engineering fluency. When it comes to prevention tools, they alone can't compensate for missing skills. And that's why capability, not tooling, is now the main differentiator for an MSSP."
Global benchmarking of nearly 800 teams and over 4,500 participants shows MSSP teams score highly in OSINT (64.5%) and forensics (62.8%) but poorly in secure coding (18.7%), web security (21.1%) and adversary emulation. Mapping to the MITRE ATT&CK framework reveals a strong detection and response orientation with shortfalls in prevention and protection. The MSSP operating model favors standardized tooling and scale, which enables detection but lacks the depth and secure engineering fluency needed for prevention. Prevention tools alone cannot compensate for missing skills. Continuous Threat Exposure Management (CTEM) reframes effectiveness toward risk removed and provides scoping, simulation, control validation, and measurable improvement.
Read at ChannelPro