Small business are fucked in Oz with respect to infosec. Scant time to learn. No money or avenue to pay it away. MSPs doing IT but quietly not security. Government offering another pdf guide. Vendors snake oiling av and bullshit as a solution to wider security problems.

The way I see it, biz needs an option to pay the worst bits of the problem away.

Wouldn't it be grand if MSPs were compelled to disclose the security stuff they do and more specifically don't cover?

When broad expectations are at odds with reality (the tech people handle security, don't they?) it's hard to see it as anything but deception.

In the meantime, they're getting rinsed and help is disjointed, disparate, contradictory, and wholly inadequate.