Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.


333 West San Carlos Street
San Jose, California 95110
United States


ChannelPro Network Awards

hello 2
hello 3

News & Articles

January 21, 2021 | Mark Kirstein

5 Cybersecurity Conversation Starters

By focusing on challenges along with strategies, ROI, and opportunities, MSPs can turn security into a business discussion and cement their trusted adviser status.

Today more than ever, MSPs need to have “”the conversation”” with customers … about cybersecurity. If your conversation sounds like a sales pitch, however, your client will tune you out. It could also undermine the trust you’ve worked so hard to build.

Clients don’t typically want to talk about products or services. They want to know about solutions and business outcomes. That’s why it’s critical to have this conversation, because cybersecurity is a business challenge and it presents both obstacles and opportunities for MSPs and their clients.

First and foremost, MSPs have a responsibility to help clients reduce their risk of a cybersecurity incident. While you do this as a responsible business partner, you also need to take reasonable and prudent precautions on behalf of your clients to avoid potential liability.

Second, cybersecurity is a critical and current business issue that drives technology spend, through you as the MSP. For instance, security audits and compliance programs can involve the MSP, a managed security services provider (MSSP), and/or a cybersecurity consultant. While bringing in a third party for an assessment can feel risky, recommendations from that exercise carry teeth. They are aligned with specific business objectives and advanced by a neutral consultant, positioning you to implement the resulting remediation solutions.

Finally, supporting the creation of a system security plan (SSP), which defines the compliance project and remediations, is billable time. Operationalizing the security program embeds you, the MSP, in the overall business operations. This makes your relationship sticky and sustainable.

The security plan, including risk management, incident response, and continuity of operations, adds business requirements to IT, based on specific and definable business objectives and ROI. It’s not about speeds and feeds or ports. It’s about how each IT investment supports the business objectives identified. As the MSP engaged in this strategic conversation, you cross the bridge into being a trusted adviser.

Focus on Challenges

So how do you start “”the conversation””? Ask prudent business questions and lead with the client’s challenges rather than products. Once you’ve identified their challenges, you can align recommended products and services. Here are a few conversation starters:

  1. Have your clients started asking you about your cybersecurity posture through security questionnaires or RFP requirements?

Among the biggest drivers of comprehensive cybersecurity planning is cascading compliance requirements. More companies are focusing on vendor risk management to ensure their suppliers don’t put them at risk. (Hint: The recent SolarWinds supply chain attack will reverberate in this area.)

  1. Do you have clients in regulated industries that are required to implement cybersecurity standards, such as HIPAA (healthcare), PCI (finance), GDPR (privacy), SOC2 (SaaS), or CMMC (military)?

If their clients are regulated, cybersecurity compliance is headed their way, sooner rather than later.

  1. We’ve established many of the baseline technology solutions for cybersecurity, such as firewalls, patching, backup, and more. Have you considered or implemented the more business-oriented cybersecurity practices, such as a risk management, vendor risk management, incident response, or business continuity?

Many clients haven’t established what their maximum tolerable downtime is in the event of an incident. And most MSPs focus on Identify, Protect, and Detect (from the NIST Cybersecurity Framework). The second half of the security framework, Respond and Recover, is more than just restoring backups. It is people-intensive, focused on policies, plans, and roles. We all know a cybersecurity incident is a matter of when, not if. Even the most sophisticated companies can fall victim. Dealing with “”when”” is incident response, continuity of operations, and more.

  1. Have you observed your competitors either highlighting their security posture in their marketing or being directly impacted by a cybersecurity incident?

Companies that invest in robust cybersecurity to keep their clients safe want them (and prospects) to know about it. It’s a differentiator that can drive revenue and ROI.

  1. We take very deliberate steps and make recommendations to you for cybersecurity from an IT perspective. Would it make sense to consider a third-party cybersecurity assessment that not only independently reviews your IT security posture, but also reviews the business practices around cybersecurity, such as policies, procedures, and ROI for risk remediation?

Making recommendations for a third-party security audit not only increases your clients’ security, but reduces your liability by advancing reasonable and prudent recommendations.

Cybersecurity is more than blinking lights and white noise. It’s about considering strategy, ROI, and more. Turning “”the conversation”” into a business discussion moves you from supplier to trusted adviser. It’s up to your client to act.

MARK KIRSTEIN is vice president of customer success at Cosant Cyber Security, an infosecurity compliance and consulting company.

Editor’s Choice

5 Tech Companies Aim for Channel Dominance. Read Their Powerful Pitches to MSPs.

July 9, 2024 |

Representatives of Zero Networks, Ostendio, Sectigo, Lumu Technologies, and Josys want to help you stay ahead in the IT channel. Here’s how.

ChannelPro DEFEND Conference Heads to NJ, Promises to Lift Cybersecurity and Profitability of MSPs

July 8, 2024 |

Register now for ChannelPro DEFEND: East in Islen, NJ, on Aug 7 and 8 for unparalleled cybersecurity learning, networking, and collaboration opportunities.

Related News & Articles

Growing the MSP

Explore ChannelPro


Reach Our Audience