IT and Business Insights for SMB Solution Providers

Selling Risk Mitigation, Not Bulletproof Security

MSPs must make the case that a cyberattack will hurt the business and that an incident is highly likely to occur. By Jennifer Bleam

The following is an edited excerpt from the book Simplified Security Sales for MSPs.

Cybersecurity sales is about selling risk mitigation, and there are two arguments you must prove. First, a cybersecurity incident will be highly impactful to the organization. Second, an incident is highly likely to happen. If you fail to prove either point, you are in the “zone of think about it.”

Look at these two arguments through the lens of an attorney in a high-profile court case. First, you must prove that a cybersecurity incident would have a disastrous impact on the prospect’s business. We (as technology professionals) are at a disadvantage, because we have lived through the reality of a cyber incident. We know firsthand how a company is affected during and after an attack. But your clients and prospects have not walked that mile in your shoes. They have not experienced the absolute devastation, frustration, and sense of violation that come from a cybersecurity incident. You must convince them.

Some of the argument can be made through your discovery process. But another part should be made through your marketing. Use emails, blogs, and social media posts. Share news stories of companies in your niche or in your town that have been through a ransomware incident or a breach of some type. Especially relevant are public interest pieces where a practice manager or office manager was interviewed.

These individuals will share the kinds of implications that help your prospects and clients truly understand the impact of a cybersecurity attack at the personal level—such as needing to bill manually or searching printed files for phone numbers because electronic records weren’t accessible. They will tell how their CEO or managing partner had to work 20 hours each day (for a week or more) and that they still don’t know how bad the damage is or how long the CEO can keep burning the midnight oil. This unsung hero will also recount how they could not manufacture their product, track time, or bill clients. Most of all, they will share how they felt during the whole ordeal.

These very real stories underscore the fact that you can’t simply write a check for $50,000 to pay the ransom and move on. Recovering from an incident is significantly more difficult than that.

Have you presented enough evidence to convince the jury (in this case, your prospect) beyond a resonable doubt that they should care about cybersecurity because of the implications to their business? If you have not proven your case, then you must continue the conversation, because you almost certainly will not make the sale.

ChannelPro SMB Magazine

Get an edge on the competition

With each issue packed full of powerful news, reviews, analysis, and advice targeting IT channel professionals, ChannelPro-SMB will help you cultivate your SMB customers and run your business more profitably.