Security is the No. 1 concern of business owners today. This isn’t surprising given the number of hacks, breaches, data thefts, ransomware attacks, and privacy violations that we hear about on a daily basis. And those are just the ones we know about. According to the Online Trust Alliance’s (OTA) most recent Cyber Incident & Breach Trends Report, cybersecurity incidents nearly doubled from about 82,000 in 2016 to 160,000 or so in 2017. But since so many breaches go unreported, the OTA notes that this number could easily be more than double that.
The necessity to thwart cybercriminals and protect critical business, financial, healthcare, and other data has created a tremendous opportunity for IT service providers to address this challenge while benefiting from a continually growing revenue stream.
In this series, I’ll dive deep into the topic of selling security services and cover essential topics such as the solutions available within different levels of security offerings; how to lead with security to prospect effectively and set appointments; and how to price, position, and sell these services, even if you’re not a security expert.
Cybersecurity Prospect Qualifying Overview
After Sales Prospecting and Preparation activities and conducting the Sales Warm-Up with your new prospect during your first meeting, Sales Qualifying is the third step of the 7 Step Sales Process you will conduct, and is a critical one towards your evolution as a prospective client’s trusted advisor.
Properly Positioning Cybersecurity Services Through Effective Qualifying
A successful qualifying process is necessary to uncover valuable information regarding your prospect’s cybersecurity needs, and to understand if they can be addressed and where they align within your cybersecurity services and deliverables. During the Qualifying phase of the sales process, you should ask a series of strategic questions that keeps your prospect’s curiosity piqued and strengthens your perceived competence by the prospect.
The most effective way to qualify a prospect for cybersecurity services is to identify their active security problems or pains and elevate the priority of their latent needs through a series of strategic diagnostic, issue, and implication questions designed to increase buying temperature and accelerate sales velocity. The next step is to position away typical alternatives the prospect may consider, such as waiting or doing nothing, trying to fix it themselves internally, or engaging a competitor of yours. Finally, the best solution to address their cybersecurity challenges is presented—to engage with you and your organization. When executed correctly, this strategy will noticeably improve your sales closing results.
Qualifying Prospects Using the QBS® Approach
My technique for training sales professionals is influenced by the Question Based Selling methodology pioneered by Thomas A. Freese at QBS Research. When qualifying prospects and clients using the QBS approach, you will:
- Establish credibility by using Diagnostic or Status questions to uncover a prospect’s pain and needs
- Identify active needs and increase the priority of latent needs using Issue questions
- Use Implication questions to create a heightened sense of urgency in a prospect to resolve their active and latent pain and needs
- And let them know you can help by introducing your solution to them.
Diagnostic Qualifying Questions Establish Credibility
The four objectives of Diagnostic questions are to kick off the needs development conversation in a non-threatening manner, gather valuable information that helps guide the conversation, establish your credibility as a valuable resource to your prospect or client, and earn the right to get into more depth about potential issues and implications. After you’ve properly warmed up your prospect or client, you’ll ask permission to transition to the Diagnostic phase of the Qualifying process. This is accomplished by simply asking permission in a straightforward manner, such as “”do you mind if I ask you a few specific questions about your cybersecurity?””
Once the prospect grants permission, you ask a series of short-answer questions to understand specific facts about their current situation. When selling cybersecurity services, for example, you might ask diagnostic questions such as:
- “”What systems do you have in place to monitor and protect against a security breach?””
- “”Have you identified all security-specific regulations and standards that apply to you?””
- “”How confident are you in your ability to demonstrate compliance?””
- “”Have you identified all sensitive data that you maintain and ensured that it is adequately protected?””
- “”What are your critical, high-risk technology platforms and systems?””
- “”Do you provide employees with security awareness training to guard against phishing and social engineering attempts?””
- “”Do you manage security in-house, or do you outsource this critical function?””
The more specific diagnostic questions you ask, the more trust and confidence you build in your prospect or client regarding your expertise and ability to solve their problems. These questions are typically found on your Security Assessment Form or other data collection tool that you will complete and provide your sales engineer later to help inform proposal creation.
Issue Questions Identify Active and Latent Needs
Issue questions allow you to ask the appropriate additional questions to elevate latent or lower priority needs to a much higher significance to increase buying temperature and accelerate sales velocity. For example, when qualifying a prospect for cybersecurity services, you may ask issue questions such as:
- “”What’s the most significant business issue you currently face related to cybersecurity?””
- “”What goals would you like to achieve with a strengthened cybersecurity posture?””
- “”Are your cybersecurity concerns stifling company growth and innovation?””
- “”Do you have to ask your MSP to advise on cybersecurity improvements, or is your IT service provider proactively offering them to you?””
- “”For what reasons are you looking to hire a new cybersecurity partner now?””
- “”What triggered your decision to hire a new cybersecurity partner?””
- “”What’s made cybersecurity now so urgent or important to you?””
Implication Questions Build Buying Temperature and Urgency
Implication questions increase sales velocity by having your prospect or client imagine a worst-case scenario should they fail to address the active and latent needs you’ve just elevated to much higher priorities for them. Examples of cybersecurity implication questions you could ask include:
- “”How adversely would a security breach affect your…
- Business?””
- Company morale?””
- Customer relationships?””
- Customers’ businesses or personal lives?””
- Employees’ and your company’s image and reputation?””
- Personal and professional reputation?””
- “”What’s the worst thing that could possibly happen if you did nothing to address these issues and the unthinkable occurred: your company and customer data were hacked and made available on the dark web, or encrypted and held for ransom?””
Budget Questions Inform Solution Development and Pricing
Determining whether your prospect or client can afford your services is just as important as determining whether they can benefit from them. After all, need doesn’t matter without the desire to buy and the ability to pay.
You may not yet have discovered a comfortable, natural way to ask the budget question when qualifying prospects or clients, therefore avoid asking it at all. This is the wrong approach, as it leads to potential “”sticker shock”” when a prospect finally receives your proposal with a price tag that they haven’t been qualified for and may not have expected. It also erodes your sales closing percentages, because it is difficult to recover from that type of reaction by a potential client. And finally, it may lead you to feel you must now negotiate on price – always a negative when it comes to maximizing service profitability and potential sales commissions.
As we will always qualify for budget in every sales engagement, the following questions allow this process to flow in a very natural manner:
- “”How do you handle budget considerations?””
- “”Whose budget will support this important cybersecurity initiative?””
- “”How will our engagement get funded?””
- “”What sort of budget do you have in mind?””
- “”Are funds allocated, or must they be requested?””
- “”What is your expectation of the investment required to resolve this threat?””
- “”Does your budget to solve your cybersecurity vulnerabilities match the severity of the problem?””
- “”What is your range on this? In a perfect world, what is the minimum amount you would like to see this handled with? Then, what is the maximum you could possibly put into the solution, if it became absolutely necessary?””
Of course, your prospect may have no idea of the budget required to strengthen their cybersecurity posture. It’s not like they just have budget lying around that they can pull from, so in those scenarios you may have to guide them with a range of budget. You could state something like this:
“”For other clients about your size with similar cybersecurity challenges, we’ve budgeted between x and y. Of course, that’s not an apples-to-apples comparison, but if it were, would you be able to find that kind of budget for us to address your cybersecurity challenges for you and give you peace of mind?””
Once you’ve completed qualifying your prospect or client and successfully established their need and ability to budget for your solution, let them know you can help.
Tie-Down and Trial Close Questions Elicit Feedback and Establish a Prospect’s Proximity to Closing
Feedback is crucial to a successful cybersecurity sales qualifying session. Without it, we don’t know if we’re doing a good job of understanding the prospect’s needs, if the prospect is tracking with us as we speak, when we need to change our approach, or when it’s time to transition to the next step in the qualifying process.
The best way to get feedback is by using “”Trial Closes”” and “”Tie-Down”” questions. A tie-down does just what it sounds like it does, but in a figurative sense. Good sales professionals use tie-downs to gain conceptual agreement from their prospects to keep the momentum going throughout the sales process. Tie-downs are small questions that you can ask of your prospect to ensure they are following you and agree with what you’re saying, and like what you have to offer.
Example Tie-Down Questions include:
- “”Does that make sense?””
- “”Wouldn’t you agree?””
- “”Does that sound reasonable?””
- “”Do we have an agreement?””
A trial close is a smaller close that lets you know whether your prospect is ready to move forward to the next step during initial qualifying, or later in the closing phase of the sales process. Trial closes are softer than an actual close and are used to move the sale along…especially when you’re looking to make a point towards the end of your qualifying session. Examples of good trial closes include:
- “”If we could address all these problems for you and remain close to your budget, would you be ready to move forward?””
- “”Is there anything I’ve shared with you today that would prevent you from taking the next step, and allowing us to conduct a security assessment?””
Next Steps After Qualifying
If your prospect isn’t qualified for your cybersecurity services because of a lack of need or budget, or you sense they aren’t a good cultural fit for your organization, move on.
If, however, they are qualified, follow your organization’s process for engaging with the appropriate person that will handle the pre-sales engineering duties of creating the cybersecurity sales proposal, and the process for scheduling a security and/or technical assessment of the prospect’s environment, in order to gather and compile all of the information needed by your sales engineer to design and price your services appropriately and produce a compelling sales proposal.
Next time:
Don’t miss Erick’s webinar on How to Sell Cybersecurity Without Being a Security Expert too
