SOONER OR LATER, every managed service provider will find it necessary to have the cybersecurity talk with customers. But is everyone speaking the same language? In an era of connected everything, the terms “security” and “cybersecurity” are often used interchangeably. However, learning and leveraging the difference could unlock revenue streams with long-term payoff.
Security veterans say “security” is a broad term for protecting information and assets, and “cybersecurity” emerged in response to internet-based threats. The two tend to get lumped under such labels as “network management,” “information assurance,” or “information security.” As digital transformation increases reliance on information technology and the cloud, the distinction only gets murkier.
Still, it’s worth learning how to tease out customers’ cybersecurity needs, according to Ron Culler, senior director of technology and solutions with ADT Cybersecurity.
Culler says that managed firewalls and managed internet security will always be in high demand, along with data backup and recovery. Other cybersecurity offerings include patch management, policy management, vulnerability scanning, intrusion protection, and endpoint control.
Businesses with valuable intellectual property to protect are good prospects, says Jason McNew, founder and CEO of Stronghold Cyber Security. Culler suggests focusing on business processes—say, product delivery or accepting payment—that could potentially be impacted by security disruptions.
“Cybersecurity margins can be better, depending on how the provider positions the offerings,” Culler adds. A flat fee might reduce margins, but it might also be what customers prefer.
McNew cautions, though, that while the margins are strong, “the expertise is not cheap.” He says real cybersecurity expertise comes from IT specialists “who have so many certifications that they can’t see straight anymore.”
McNew encourages investing in education for the strongest members of your team, starting with security resources available through industry association CompTIA. Then, learn cybersecurity frameworks from CompTIA or the National Institute of Standards and Technology (NIST). Depending on your customer base, training on PCI DSS security standards for credit card payments or HIPAA guidelines for healthcare customers might also be necessary.
Once you learn the language, you’ve got to master the conversation to maximize revenue. Customer needs can vary by business size and structure. For instance, small businesses need a broader security conversation, but franchises have their own unique issues, says Culler.
“You might start with a discussion of risk for a general business. Talk compliance for businesses like doctors’ offices and credit card processes,” says Culler. “You help by understanding the risks, building the framework, providing documentation, then matching that framework and policies to what you as a provider can provide.”
No matter how you tackle it, there’s a fair amount of homework to do before profits come. The good news is, the need for cybersecurity specialists is only going to increase, so you’ve got time to get it right.