Hard Truths We Heard About Framework Alignment and Resilience

23 October, 2025

Cyber resilience is no longer optional; it's a competitive edge. As regulations tighten, AI adoption accelerates, and attack surfaces expand across ANZ, many MSPs are realising that checklists and compliance alone won't cut it. The true challenge lies in translating frameworks into measurable outcomes that both protect customers and strengthen long-term business value.

During the recent "Raising the Bar: Building Cyber Resilience Through Framework Alignment" webinar, industry experts Mark Iles, Chief Analyst at Omdia; Henry Yang, Partner Security Architect at Microsoft; Gerald Beuchelt, CISO at Acronis; and Eddie Phillips, Head of Partner Success at Ironscales, unpacked some of the hard truths about what it takes to succeed. The conversation revealed where most MSPs fall short and where the greatest opportunities lie for those ready to evolve.

The Hard Reality About the Opportunity

Iles opened the session with a clear message: frameworks only build resilience when they are applied with intent. Misalignment, misunderstandings, or treating frameworks as tick-box exercises create risk, not readiness. When used strategically, frameworks do more than ensure compliance; they create a shared language of trust between vendors, partners, and customers.

1. Cybersecurity isn't just prevention – resilience matters

Iles challenged the traditional mindset of cybersecurity as purely preventive. True cyber resilience is about preventing, withstanding, and recovering from attacks through proactive planning, ongoing testing, and alignment to clear frameworks.

2. Complexity is growing despite stabilised data growth

While data growth has eased to 26% YoY, most organisations operate in hybrid environments, and 25% don't know which regulations apply to them.
The hard truth: many SMBs are flying blind, creating urgent demand for guidance and education.

3. Compliance doesn't guarantee protection

Two-thirds of organisations claim to have incident response plans, yet only one-third have tested them. Frameworks like Essential Eight, ISO 27001, NIST, and SMB 1001 can bridge this gap, turning compliance into measurable resilience when implemented strategically.

4. The trifecta opportunity: Cybersecurity, AI, Managed Services

SMBs are adopting AI at enterprise-level rates, seeing it as a competitive equaliser. But AI adoption widens the threat landscape and increases demand for specialised skills. Three-quarters of SMBs have yet to implement any framework or engage a managed security provider, a clear signal of both risk and untapped opportunity.

5. A $109B market with room to grow

The ANZ total addressable market for cybersecurity and related services is now $109 billion, growing ~8% annually. Customers increasingly seek strategy, education, and resilience "as a service", presenting MSPs with a chance to become trusted advisors rather than just service providers.

6. MSP 3.0 is coming

The next generation of MSPs will be AI-based, predictive, cybersecurity-first, and globally scalable. Success will come to those who integrate platforms, simplify engagement, and deliver strategic enablement, helping customers modernise infrastructure while embedding resilience and compliance at the core.

Key Takeaway:

These hard truths aren't roadblocks. They're guideposts highlighting where MSPs need to focus, how to create lasting value, and how to turn compliance into a competitive advantage.

Microsoft's Yang underscored a critical reality: threat vectors are moving faster than ever, and security teams need frameworks they can trust.

Technology alone isn't enough. MSPs play a critical role in guiding customers to:

  • Adapt processes and behaviours
  • Embed security best practices like multi-factor authentication by default
  • Build governance structures that make frameworks effective

Lessons from Industry Experts

1. Navigating Overlapping Frameworks

Beuchelt noted that frameworks often overlap, creating confusion and duplicated effort.
💡 Takeaway: Clarity over complexity. More value can be gained when frameworks are streamlined and easy to apply.

2. Beyond the Checkbox

Frameworks deliver real value only when supported by monitoring, validation, and continuous improvement.

"The rationale for implementing a compliance framework has to be driven by business needs. Build security first, then use frameworks to ensure you haven't missed anything." – Beuchelt

💡 Takeaway: Shifting from compliance-driven to security-led thinking is central to achieving genuine resilience.

3. Vendor Partnerships Matter

MSPs should leverage vendors to reduce the heavy lifting of mapping products to frameworks. Start small with manageable frameworks like Essential Eight, then expand as maturity grows.
💡 Takeaway: Effective framework adoption begins with trusted vendor collaboration.

4. Measuring and Automating Compliance

Automated, data-driven compliance insights help partners move from static audits to continuous assurance, enabling proactive rather than reactive security management.
💡 Takeaway: Automation transforms compliance from a periodic task into a proactive security advantage.

5. Framework Adoption as a Business Decision

Compliance should support business objectives and customer outcomes, not exist for its own sake. Clear objectives and scoped frameworks deliver the greatest ROI.
"Begin with the end in mind. Define objectives and scope before selecting a framework that fits your size, sector, and growth stage." – Phillips

💡 Takeaway: The greatest ROI comes when framework alignment is driven by strategy, not compliance.

MSP Priorities and Key Actions

Building cyber resilience requires strategic thinking, framework alignment, and disciplined execution. Turning strategy into action starts with these priorities:

  • Start with an accessible framework and embed alignment across all service offerings.
  • Partner with vendors to simplify compliance mapping.
  • Treat compliance as an ongoing process, educating customers on risk, behaviour change, and operational strategy.
  • Focus on measurable outcomes that strengthen the broader security program.
  • Align every effort with business value and long-term resilience to stay proactive, not reactive.

The Next Evolution of MSP Resilience

Acknowledging the hard truths is the first step. The opportunity for MSPs lies in elevating their role from implementers to strategic resilience partners. By aligning security practices with recognised frameworks and by partnering with vendors who simplify that journey, MSPs can raise the bar not only for compliance, but for long-term trust, credibility, and growth.

With a $109 billion total addressable market in ANZ and growing investment in cybersecurity and AI, MSPs who embrace frameworks not as burdens, but as blueprints for resilience, are well-positioned to lead the market.
