Risk Appetites for MSPs and Balancing Innovation with Risk
IT channel and business news with a focus on regulatory compliance.
🍽️ Why Does Risk Appetite Matter to MSPs?
Aligning MSP risk appetite with a client’s appetite is crucial — a mismatch can lead to overpromising or failing to meet expectations on reliability or compliance. By being explicit about risk appetite from the beginning, MSPs can design proposals, contracts, and SLAs that capture the true risk landscape. Ultimately, this allows you to make future decision-making clearer and easier.
🎙️ The Get NIST-y Podcast!
Follow our compliance and information security podcast — now on Spotify!
Episode 1 — CIA Triad and the Value of Compliance:
⚖️ Balancing Innovation and Risk
Cybersecurity leaders don’t ask whether innovation is safe — they design systems so that innovation remains safe by design. By fusing creativity with discipline, they avoid the false trade-off between speed and security. Instead, they build organizations that can out-innovate competitors and outlast adversaries.
⚠️ Threat Updates
🔴 Tenable Data Breach Tied to Major Supply Chain Attack (9/9/25)
Cybersecurity firm Tenable confirmed exposure of customer data after a third-party supply chain compromise via Salesloft Drift, affecting more than 700 organizations. Attackers accessed customer records and telemetry, raising concerns about persistent vendor exposures. Tenable is urging clients to review supply chain security controls and monitor for suspicious activity.
🔴 Microsoft Patches Two Actively Exploited Zero-Days in Patch Tuesday (9/9/25)
Microsoft released fixes for 81 vulnerabilities this September, including two zero-days under active attack. CVE-2025-55234, a privilege escalation flaw in Windows SMB, allows attackers to perform relay attacks for elevated access on systems. Ten vulnerabilities received “Critical” ratings. Immediate patching across Windows, Office, Azure, and SQL Server is strongly recommended.
🗨️ Parting Words
"IT is the opposite of insurance. Everyone pays for insurance and hopes to never have to use it. Nobody wants to pay for IT yet they use it every day." — Unknown
Are you a vCISO or MSP looking to operationalize security programs? Let’s discuss how Blacksmith Infosec proves that compliance is an opportunity, not a struggle that has to be packaged in FUD!