Actionable intelligence and expert content to help you understand emerging threats, make informed decisions, and strengthen your cyber defense strategy.

GTIA's Guidebook on Evolving Cybersecurity Risks for MSPs

Written by Celerium Blogmeister | Feb 19, 2026 9:03:30 PM

GTIA (Global Technology Industry Association) recently released its “Cybersecurity Guidebook for MSPs,” which focuses on evolving cybersecurity risks for MSPs. It addresses how MSPs can elevate their conversations with clients and prospects about their cybersecurity culture and status, and how MSPs can implement best practices to better protect their clients. The guidebook’s content was developed with contributions from industry leaders, including Celerium’s Chief Information Security Officer, Vince Crisler.

Here are three highlights from the guidebook you should know about:

Cybersecurity Is a Culture, Not Just a Stack of Tools

One of the guidebook’s central messages is – cybersecurity success depends on culture, not just technology. Firewalls, EDR, and backups matter, but without consistent behaviors, executive buy-in, and employee awareness, those tools will eventually fail.

GTIA encourages MSPs to help clients understand that cybersecurity culture includes:

  • Leadership involvement and accountability
  • Employee security awareness and training
  • Clear policies and expectations
  • Ongoing communication, not one-time initiatives
  • Sharing your internal security practices at a high level
  • Explaining which frameworks or best practices you align with
  • Being honest about what you do and do not control
  • Ask vendors specific cybersecurity questions.
  • Understand how partners handle data and access.
  • Encourage clients to view vendor risk as part of their overall security posture.
Transparency Builds Trust and Differentiation

The guidebook emphasizes the importance of MSPs being transparent about their own cybersecurity maturity. Clients are asking harder questions, and MSPs who explain how they secure their own environments gain credibility.

Key recommendations include:

  • Sharing your internal security practices at a high level
  • Explaining which frameworks or best practices you align with
  • Being honest about what you do and do not control
Vendor and Third-Party Risk Can’t Be Ignored

Another major theme is vendor and supply-chain risk. Clients may invest in strong internal controls while unknowingly introducing risk through third parties.

Third-party incidents are increasingly common, and clients often assume MSPs are already managing this risk.

The guidebook recommends MSPs to:

  • Ask vendors specific cybersecurity questions.
  • Understand how partners handle data and access.
  • Encourage clients to view vendor risk as part of their overall security posture.

For MSPs looking to elevate their cybersecurity conversations, this guidebook is a valuable resource.

 

Explore the complete GTIA Cybersecurity Guidebook for MSPs here.

 
View full post