When a cybersecurity incident hits one of your clients, your immediate focus is on mitigation and recovery, not your MSPs liability. But in the weeks that follow, another concern may surface: legal exposure. As an MSP, you may not think your marketing language carries much legal weight, but in the eyes of an attorney or a court, it absolutely can.
Breach-related lawsuits increasingly include claims not just against the company that suffered the breach, but also against their IT service provider. In several recent cases, the trigger wasn’t a failed firewall or missed patch, but the MSP’s own marketing language.
What You Say Can Be Used Against You
These are bold promises:
- “We guarantee your data is always safe.”
- “100% protection from cyber threats.”
- “Never worry about ransomware again.”
If found in your brochures, proposals, or website, even buried in a PDF from five years ago, these statements can be referenced in litigation to suggest you failed to meet your own commitments.
The problem isn’t that you meant to mislead. Most MSPs genuinely want to protect their clients and work hard to do so. The issue is that cybersecurity is inherently a game of risk management, not absolute prevention. No solution is 100% effective, and no provider can eliminate every vulnerability. Saying otherwise, even with good intentions, sets an unrealistic expectation and potentially, a legal liability.
Real-world Legal Risk
A growing number of attorneys are scrutinizing vendor-client contracts after a breach. If a client claims they were told, “You’ll be completely secure,” and then gets hit with ransomware, your company might be drawn into legal action. This is not because you were negligent, but because of a misalignment between what was promised and what was delivered.
This is particularly dangerous when your contracts are conservative and clear (e.g., “We provide best-effort protection.”) but your marketing materials suggest otherwise. That disconnect is a vulnerability.
What to Do Now: Review and Align
To get started, audit your website, proposals, brochures, email campaigns, and even slide decks. Use a critical eye to review any statements where you talk about security. Replace absolute terms like “guaranteed,” “always,” or “never” with language that reflects risk mitigation and shared responsibility.
You might say:
- “We provide robust cybersecurity solutions to help reduce risk.”
- “Our services are designed to detect, contain, and recover from threats quickly.”
- “We follow industry best practices to help you stay protected.”
Don’t be vague. Be accurate and defensible.
Contracts and Client Education Matter, Too
Your master service agreements should clearly define the scope of your cybersecurity responsibilities. Consider having clients sign off on acceptable use policies or minimum standards for endpoint security and patching. If a client refuses to follow your recommendations, you should have written documentation that they’ve acknowledged and accepted that increased risk.
Education is just as important. Make cybersecurity a topic of regular discussion with clients. Help them understand that the goal is resilience, not invincibility. The more informed they are, the less likely they are to feel blindsided if an incident occurs.
Final Thoughts: Market with Integrity
You can still sell your value without making unrealistic claims. In fact, many clients will respect your honesty. Build trust by promising to reduce risk, respond quickly, and help recover from incidents. This acknowledges the real-world challenges businesses face today.
In an era where even the best defenses can be breached, your credibility rests not just on what you deliver, but on what you promise. Make sure both are grounded in reality.
Next Steps
- Want more helpful guidance on selling security services? Check out our Cybersecurity Answer Center
- Have a question for our experts? Send it to editors@channelpronetwork.com
ChannelPro has created this resource to help busy MSPs streamline their decision-making process. This resource offers a starting point for evaluating key business choices, saving time and providing clarity. While this resource is designed to guide you through important considerations, we encourage you to seek more references and professional advice to ensure fully informed decisions.
Featured image: iStock
