ArmorPoint and Computer Integration Technologies (CIT) just announced a strategic partnership that expands CIT’s security capabilities across managed IT and SOC-as-a-service. It’s a move that reflects where the market is heading, highlighting that cybersecurity is no longer a bolt-on to IT services, but a crucial component. Given the critical nature of IT infrastructure, services, and applications today, it may not be a stretch to say cybersecurity has actually become the cornerstone of digital business that drives availability, trust, and compliance.
The numbers bear this out. IBM’s 2025 Cost of a Data Breach report estimates the global average breach at $4.44 million. At same time, there’s a widening gap between AI adoption and AI governance, with 13% of organizations reporting breaches involving AI models or applications, and a striking 97% of those lacked basic AI access controls. What’s more 63% of organizations say they have no AI governance policies in place to manage AI or prevent shadow AI. The point is that, as AI use continues to grow, appropriate security guardrails are needed.
Threat dynamics are intensifying across the board, resulting in a significant impact on smaller enterprises – businesses that rely on MSPs. Verizon’s 2025 DBIR shows ransomware in a large share of breaches and disproportionately impacting SMBs. This is clear evidence that endpoint hardening, identity security, resilient backups, and rapid detection/response are now table stakes rather than “nice to have” tools and services. Rather, MSPs should be strengthening their cybersecurity portfolios, like CIT is.
“CIT already brings a strong suite of cybersecurity solutions to its customers, and our partnership is about building on that foundation,” said ArmorPoint CEO David Trapp. “This partnership will not only allow businesses using CIT’s platform access to an enhanced suite of cybersecurity solutions, but the ability to tailor these solutions to fit their unique risk profile.”
The MSP’s perspective tells a similar story. As CIT’s Director of Cybersecurity Nate Schmitt noted, “Having a US-based SOC that provides reliable, 24/7 service at an affordable price is a true differentiator. This is especially important for our regulated customers.”
This relationship highlights the idea that MSPs really must lead with security today. Not only is the threat landscape massive and expanding, but the talent gap is real, which makes ensuring consistent and reliable security in-house a major challenge – not to mention that MSPs tend to lack the resources to do it, even if they wanted to.
MSPs that productize security as a program, rather than a stack of point solutions, can deliver security at a far greater scale and with greater reliability than their customers. That includes continuous monitoring and response, identity and access management, data resilience with tested recoveries, and governance or vCISO services that convert security strategies and frameworks into live implementations with measurable ROI.
Insurance markets, too, are reinforcing this shift towards a security-first mindset. Underwriters increasingly condition coverage and pricing on demonstrated controls, including MFA, employee training, reliable and tested backups, and more. In doing so, they are pushing security from discretionary spend into operational mandates. MSPs that package these controls into reference architectures make it simpler for clients to qualify for coverage and prove resilience during renewals and claims.
The commercial opportunity is substantial. SOC-as-a-Service alone is projected for strong double-digit growth through the decade, reflecting demand for round-the-clock detection, threat hunting, and rapid response without customers having to build and manage their own SOCs. That revenue is sticky and margins improve with scale. For MSPs, the value increases further when they align services to security frameworks (like NIST CSF 2.0 and its newest function, “govern,” which focuses on cybersecurity governance and risk management), insurer controls, and audit evidence. Partnerships like the one between ArmorPoint and CIT are an example of this in action, where the MSP stays close to the client and remediation while a specialized SOC partner delivers the telemetry, analytics, and incident handling that must be available 24/7/365.
At the end of the day, this all leads to a relatively simple theory: Cybersecurity should be treated as the as the IT operating system. It should be governed from the top, engineered across the entire IT landscape, and include measurable metrics, such as time-to-detect, time-to-contain, backup integrity, and audit readiness, among others. MSPs should package cybersecurity as a holistic program and tie it to insurance controls, and engage partners that enable easy scalability. With that approach, they can reduce client risk and improve their security postures, differentiate their own services, and capture a larger share of the market that is inevitably tied to cybersecurity. It’s not that network management, communications, and other traditional MSP services aren’t needed – they certainly are. But, in today’s climate cybersecurity outweighs and impacts all other IT needs.
Edited by
Erik Linask
