Business Strategy
Channel Insights
Stay Connected
Acer America
Acer America Corp. is a computer manufacturer of business and consumer PCs, notebooks, ultrabooks, projectors, servers, and storage products.


333 West San Carlos Street
San Jose, California 95110
United States


ChannelPro Network Awards

hello 2
hello 3

News & Articles

April 1, 2021 | Mark Kirstein

Don’t Let Cybersecurity Create Revenue Friction

When SMBs have to address cybersecurity to close their own sales, the direct tie between cybersecurity and revenue is a pain point MSPs can solve.

What do you think is the biggest driver for small and medium businesses seeking help with cybersecurity?

Would you be surprised if it wasn’t either preventing a breach or responding to a breach?

In our experience, it is neither. The biggest driver for an SMB to invest in cybersecurity is the impact on revenue. Specifically, SMBs want to reduce “”revenue friction,”” the slowing of the sales cycle or even the loss of sales due to time spent responding to cybersecurity requirements for themselves or their customers.

While many SMBs have their own regulations to deal with, such as HIPAA, cybersecurity requirements are increasingly part of their RFPs or contracts. In addition, if you have clients that sell to large enterprise customers, they are probably getting inundated with security questionnaires.

Here’s a scenario we see often:

Jane is the lead sales professional for her software-as-a-service (SaaS) company. Her SaaS solution provides critical market data for her enterprise clients, who would like to integrate the market data into their CRM software. She’s been engaged with a major media company on a significant sales proposal. It’s a long, enterprise-level sale, but Jane finally gets to a “”yes.”” She’s ready to close the sale and celebrate.

Then comes the screeching brakes on the deal: a dreaded security questionnaire with 200 mind-numbing questions about firewalls, multifactor authentication, hiring and firing practices, cyber insurance, and more. Obviously, this is not Jane’s area of expertise. So she sends it to IT, which in this case is an external MSP. After all, cybersecurity is IT, right? However, the MSP can only address two-thirds of the questions. Now Jane needs to send it to human resources, then legal, then accounting. Many of the questions are not about IT directly. They are about policies, procedures, and training.

Meanwhile, the deal Jane thought was closed is stalled. Two weeks go by, then five. Across the company, the staff filling out the questionnaire aren’t even sure if they’re doing it right.

This scenario illustrates “”revenue friction.”” Not only is Jane not closing the sale, she’s wasted a lot of time and is distracted from her next prospects.

For MSPs, this scenario represents an enormous opportunity. When companies have to address cybersecurity to close their own prospect engagements, the direct tie between cybersecurity and revenue is a pain point you can solve. In addition, when closing sales directly maps to cybersecurity, everybody involved is highly motivated. Best of all, the conversation becomes about business results, as opposed to software stacks or blinking lights.

How MSPs Can Leverage this Scenario

To take advantage of this opportunity, first be on the lookout for revenue friction. If your clients ask you for help with a security questionnaire, that’s your cue for a business discussion about cybersecurity. Help them with the questionnaire, but also ask how the questionnaire will impact their business.

Second, if clients haven’t yet talked with you about this issue, initiate the discussion by asking if any of their customers or prospects have requested that they complete security questionnaires.

Third, ask prospects too. If you bring up security and the incumbent company has not, you have an opening.

Once you’ve started the discussion, ask:

  • How often do they see security questionnaires? 
  • Are they comfortable that the responses in the questionnaire are contributing to closing the sale, or are they inhibiting the sale? 
  • Could a stronger cybersecurity position be a differentiator when seeking new clients?

These “”revenue friction”” questions lead to the opportunity to help your clients or prospects with cybersecurity, but also expand your MSP engagement. This may be on the managed security service provider (MSSP) side, where you help with a SOC, SIEM, IDS, or other parts of the security stack. It may be more foundational on the MSP side, such as implementing RDM, patch management, backups, and recurring log reviews. Either way, you’re capturing a new prospect or growing your MRR with existing clients.

In addition, operational security processes embed your services into their revenue stream and tactical operations. Whether it’s hiring, firing, closing a sale, or releasing new software or products, these processes integrate into security operations—with you as the MSP partner. These are “”sticky”” relationships that last for decades and repel competitors.

Let’s go back to the scenario with Jane. Beyond the sales questionnaire, cascading compliance requirements are driving cybersecurity into RFPs and contracts. At some point the impact on revenue gets the attention of executive management. Where do they turn for help? Their MSP. If you are prepared to help address the individual security questions more effectively or achieve compliance with frameworks like SOC 2, CMMC, or ISO 27001, your opportunity has arrived.

If you are uncomfortable with the administrative controls (policies and procedures) and the compliance side (project management and audits), partner with a third-party security consultant. You can travel the security questionnaire and compliance path together, with the vCISO doing the project management and documentation while you handle the technical work.

At the end of the journey, you will have removed security as a source of revenue friction. The client will have a solid system security plan and roadmap that enables great responses for the security questions, as well as a system in place to efficiently respond to the security questionnaires, while reducing the impact on revenue and sales time. This elevates you to a “”trusted consultant,”” with increased MRR and retention.

One last byproduct: The client has a robust security position that reduces risk and protects brand and reputation.

MARK KIRSTEIN is vice president of customer success at Cosant Cyber Security, an infosecurity compliance and consulting company.

Image: iStock

Editor’s Choice

Midwest MSPs Treated to Personal Stories, Compelling Demos, and More at ChannelPro LIVE: Columbus Show

June 7, 2024 |

Ohio technology professionals joined ChannelPro to share business best practices at the area’s first-of-its-kind event.

Asigra Makes a Splash with New SaaS App Data Backup Platform

June 3, 2024 |

Asigra’s new SaaSAssure platform offers MSPs comprehensive, secure, and easy-to-use backup solutions for SaaS apps, addressing a critical market need and providing an unparalleled opportunity for revenue.

Peer to Peer: John Kampas on Why EMPIST Thrives — Plus, 1 Mistake Too Many MSPs Make

May 31, 2024 | John Kampas

How prioritizing customer protection and technological empowerment helped EMPIST evolve into a “managed technology provider” with an international presence.

MSPs React to Comprehensive, Aggressively Priced Kaseya 365

May 1, 2024 |

Hear from MSP peers on the launch of the new Kaseya 365 program — designed to provide a crucial package of tech services at an affordable monthly price.

Related News & Articles

Growing the MSP

Explore ChannelPro


Reach Our Audience