Ziad Nasr, General Manager, Acronis Middle East, tells us how effective security awareness training is emerging as a critical revenue stream and risk mitigator for MSPs in the Middle East — helping them reduce breaches caused by human error, strengthen client relationships, meet compliance requirements, and stand out in an increasingly competitive cybersecurity landscape.
The conversation around channel evolution has been ongoing for years, with resellers and service providers urged to level up their value propositions. Many have done just that — traditional box movers are a rarity in today’s ecosystem. Nowhere is this transformation more evident than in the managed services space.
Managed Security Service Providers (MSSPs) have adapted to offer comprehensive cybersecurity solutions that meet the demands of an ever-evolving threat landscape. It’s a compelling business model — one that aligns perfectly with the growing need for organisations to outsource their security operations to specialists. However, the widespread adoption of managed security services has also created a critical misconception among end-customers: that outsourcing security means they can be entirely hands-off.
The Human Factor in Cybersecurity Challenges
Many organisations assume that by engaging an MSP, they are delegating full responsibility for security. The reality, however, is far more complex. No MSP, regardless of its expertise or technology stack, can fully defend an organisation if employees are not following security best practices. Humans remain the weakest link in cybersecurity, and the numbers back this up. Studies consistently show that human error accounts for the majority of breaches — through phishing, weak passwords, or inadvertent insider threats.
For MSPs, this creates a significant challenge. They are expected to provide seamless, end-to-end protection, yet they often find themselves cleaning up after avoidable incidents caused by poor security hygiene. This not only strains resources but can also lead to difficult conversations with clients who may mistakenly hold their MSP responsible for breaches. Even with the best security tools in place, the lack of user awareness can render an organisation vulnerable.
Awareness Training as a Revenue Stream and Risk Mitigator
This is where security awareness training emerges as a game-changer. Not only does it address a fundamental security gap, but it also offers MSPs a lucrative and sustainable revenue stream.
When MSPs provide structured and effective security training, they significantly reduce their own operational burdens. Well-trained employees are less likely to fall for phishing scams, click on malicious links, or mishandle sensitive data. The result? Fewer security incidents, lower remediation costs, and a stronger overall security posture for clients.
Beyond risk reduction, offering security awareness training enhances client relationships. MSPs that proactively educate their customers demonstrate added value and reinforce their role as trusted advisors rather than just service providers. This fosters long-term client retention, deepens engagement and positions the MSP as an indispensable partner in cybersecurity. Additionally, when security operations are effective, they often fade into the background and are taken for granted. Security training provides key stakeholders within client organisations with visibility into the good work being done by the MSP, ensuring that their efforts are recognised and appreciated.
Moreover, security awareness training is increasingly a prerequisite for cyberinsurance policies. Many insurers require organisations to implement ongoing training programmes as a condition for coverage. It is also an increasingly common component of compliance and regulatory frameworks. MSPs that offer training can help clients meet these requirements while reinforcing the broader business case for security investment.
What Makes Security Awareness Training Effective?
While the benefits of security awareness training are clear, its effectiveness depends entirely on how it is delivered. The traditional approach — long-winded, text-heavy modules or generic video-based training — has proven to be largely ineffective. Employees either disengage or fail to retain critical information.
Effective security training should be engaging, interactive, easily accessible and tailored to real-world threats. Employees absorb and apply information more effectively when training is delivered in short, digestible segments rather than lengthy sessions. Real-world simulations, such as phishing exercises, help employees recognise and respond to threats in a practical setting, reinforcing vigilance through repeated exposure. Incorporating gamification and incentives encourages participation and improves retention of security best practices. Training should also be customised to industry and job roles, as different positions face unique threats, making a tailored approach far more impactful. Finally, security awareness programmes must be on-going and adaptive, evolving alongside cyberthreats to ensure employees remain prepared for the latest attack techniques and defensive measures.
A Crucial Offering for MSPs in the Middle East
For MSPs in the Middle East, integrating security awareness training into their service portfolio is more than just a smart business move — it’s becoming a necessity. The region has seen an uptick in cyberthreats, particularly as organisations embrace cloud computing, hybrid work and Digital Transformation. Regulatory frameworks are also evolving, with governments placing increasing emphasis on cybersecurity compliance, consumer privacy protection and resilience.
By providing security awareness training, MSPs can align with these regulatory expectations while simultaneously enhancing their own business resilience. Clients who understand security risks are not only easier to protect but also more likely to appreciate and invest in the broader security solutions MSPs offer.
At a time when cyberthreats continue to escalate, and businesses seek comprehensive protection, security awareness training offers MSPs an opportunity to differentiate themselves, drive new revenue, and create lasting value for their clients. In the battle against cybercrime, knowledge is power — and for MSPs, it’s also a competitive advantage.
