The role of the MSP in cyber resilience and how to be thoughtful about AI adoption: XChange UK day 2

XChange UK Day 2 highlights the importance of the MSP/client relationship in tackling emerging threats, as well as emerging research on successful approaches to AI adoption

The second day of XChange UK kicked off bright and early, with a wellbeing session at 8.30am. By 9.30, most attendees were refreshed from the previous night’s dinner and ready to take on the day’s sessions and boardroom appointments with gusto.

And not a minute too soon, as the first session of the day tackled the crucial topic of MSP/client relationships in the context of emerging cyber threats.

Staying ahead of the game: Tackling emerging threats to protect your client

Cyberthreats, due to their ever-evolving nature, require constant adaptation; The role CISO asks for more skills and knowledge with each passing day to face not only the cyberattacks exploiting businesses and the people working for them but also the budget constraints affecting MSPs and their clients.

But here remains one major issues; some businesses don’t even realise the importance of having a cybersecurity strategy.

The channel doesn’t just need to convince and attract new customers, but it also needs to focus on building trust with them, as all companies need to understand it’s a matter of when, not if, they’ll be hit by a cyberattack.

But building trust takes time, according to John Hay, head of cyber at Net-Defence.

“We bandy around the phrase trusted advisor, but I don't think anybody is a trusted advisor unless your customer says you are.

“You can't go in for the quick, hard sell, and you need to be honest with them.

“You have to say ‘here's your journey, and this is how much we think it's going to cost.’

“If they're resistant to that, you have to listen to the reasons why.

“If they can't afford it, you need to suggest more affordable solutions, while warning them of the risks.

“Then it goes back to having the talk about resilience, because the attack will happen, and if they realise that they can recover from that, a little bit of fear goes away.”

For Lee Johnson, chief information officer & CISO at Air IT, three things are keys to build trust with businesses.

“The first one is about making sure that you're leading by example.

“All these services and all the elements that you're telling your customers are important as part of their resilience programme, make sure you've got them implemented in your business first and foremost.

“The second one is about thought leadership and active communication programmes around cyber awareness to your customers.

“That can be sales led events and also non sales events.

“We often do webinars, in person events, round tables.

“We have a clear communication strategy with marketing.

“Once a quarter, we will release a threat report; We will do an update on what types of attacks we've seen and what that does.

“When you do that on a regular basis, it just makes customers think their service provider knows what they're doing in terms of security.

“The third thing is building a trust centre and actually having written documentation that you can give to the customer to help give them peace of mind.

“I'm sure many of us in this room have all had the joy where we get a supply due diligence form come from a customer with a security questionnaire. They’re a real challenge, because each of them are different.

“We’ve created a customer facing cyber security policy.

“It talks at a high level to say we have the following controls and principles based within our business, for example access control, business continuity, XDR, log management, detection and response.

“It allows you to not give too much away, but in terms of building trust, it makes such a difference.”

Katie Sloan, marketing director at Core Technology Systems, and Eamon McGann, client solutions director at Core, shared proprietary insights into the real-world applications of AI, drawing from over 60 Microsoft Copilot workshops and exclusive market research conducted by the business.

Their presentation, structured around a three-pillar approach, explored success stories, challenges, and the latest developments in AI-driven automation.

They also revealed key data from Core’s 2025 survey of IT leaders, uncovering the top hurdles organisations face when integrating AI into their strategies.

The session provided actionable insights on how AI is reshaping operations, driving efficiency, and fostering innovation.

Early on, McGann addressed a common misconception about AI—that it’s here to replace human jobs.

"The businesses getting the most out of AI are the ones using it to augment human expertise, rather than replace it," he explained.

He highlighted that AI’s true potential lies in automating mundane tasks, freeing up employees to focus on more strategic activities like decision-making, customer engagement, and innovation.

“It’s not about replacing people; it’s about enabling them to do their best work."

Sloan followed with a deep dive into Core’s research findings, where 81 per cent of 300 surveyed IT leaders in the UK highlighted that adoption and training were essential considerations for implementing AI tools like Microsoft Copilot.

She also noted that 31 per cent of respondents expected onboarding, training, and adoption support from their managed services providers, while 32 per cent wanted ongoing technical assistance.

This data underscored the need for businesses to offer not only technical readiness but also leadership support, user training, and change management to ensure successful AI adoption.

Both speakers emphasised that AI is not a one-off solution but requires continuous refinement to deliver meaningful results.

McGann pointed out: “AI requires ongoing refinement, monitoring, and adaptation to deliver meaningful business outcomes,” underscoring the importance of embedding AI into workflows and adapting them based on real-world results.

Sloan also stressed the importance of data governance, warning that AI models can only work effectively with clean, accurate input.

"AI models can only work with what they’re given, and if the input is flawed, the output will be too," she noted.

McGann then explored the journey of generative AI, referencing the Gartner ‘Hype Curve.’

He explained that Microsoft Copilot started in the ‘Technology Trigger’ phase in 2023, generating buzz for its productivity potential.

However, as McGann observed, by Q1 2024, many organisations entered the ‘peak of inflated expectations,’ testing the waters with high hopes. But by late 2024, these hopes gave way to the ‘trough of disillusionment’ as challenges—such as technical readiness and cultural resistance—became more apparent.

“The exciting part is what comes next—the ‘slope of enlightenment,’” he said, predicting that in 2025, businesses will refine their strategies, unlock real value, and move toward more sustainable AI adoption.