🔴 Having a backup doesn't protect your clients from this

For years, it’s run like this. Good backups mean a ransomware attack is a big annoying event, but not the end of the world. You restore, you recover, you carry on.

That’s becoming less true.

GuidePoint Security’s Q1 2026 ransomware report found that threat actors are increasingly moving away from encryption-based attacks toward pure data theft followed by extortion demands. SecurityBrief

They break in, steal everything, and then threaten to publish it unless they get paid. No encryption. No locked systems. Your client’s backup is kinda irrelevant.

If the data gets out, it gets out. Backup or no backup.

This matters for how you’re selling security to clients. “We back up everything” is no longer a sufficient answer to “what happens if we get hit.”

The conversation now needs to include what happens if their customer records, financial data, or confidential files get published online or sold. That’s a different kind of damage… it’s reputational, legal, and in some sectors, regulatory. And no restore point can fix it.

Worth updating your security review conversations this week if you haven’t already.

🟡 Microsoft's April patches include an actively exploited SharePoint zero-day

If your clients are running internet-facing SharePoint servers and you haven’t yet pushed April’s Patch Tuesday, this is your nudge.

Microsoft’s April 2026 Patch Tuesday fixed 167 flaws, including a SharePoint Server spoofing vulnerability that was being actively exploited in the wild, plus a Microsoft Defender privilege escalation flaw that was publicly disclosed before a fix was available. Bleeping Computer

On top of that, Apache patched a remote code execution vulnerability in Apache ActiveMQ Classic that had been hiding undetected for 13 years. And Cisco released fixes for critical flaws in Identity Services Engine and Webex that could allow an unauthenticated attacker to impersonate any user.

Busy fortnight for patching, right?

🟢 MSPs’ biggest challenge right now? Getting new clients

Kaseya published their 2026 State of the MSP Report last week, surveying over 1,000 MSPs globally. And the most difficult thing for MSPs continues to be winning new logo business.

71% of MSPs say acquiring new customers is their top challenge. Deal sizes are also falling. The share of MSPs reporting typical customer spending above $25,000 per year dropped to 41%, down from 75% the year before. Kaseya

So the pool of big-spending clients is shrinking, while competition for new clients is intensifying.

And 48% of MSPs rank AI and automation as their clients’ top need for 2026. Yet only 13% are currently generating meaningful revenue from those services.

The gap between what clients want and what MSPs are actually delivering as a revenue line is the opportunity.

Here’s how we see it. The MSPs who figure out how to package and price AI services properly in the next 12 months are going to pull away from the ones still treating it as a conversation topic.

That's your MSP Minute for Monday. Enjoy the week… you got this! Back tomorrow morning.