NINETY-NINE PERCENT of MSPs are entirely wrong in their approach to selling cybersecurity services.
They don’t understand the nature of the sale, or the true motives of the buyer. Until you understand these two vital aspects, you can’t possibly be effective at selling cybersecurity solutions, which will leave you forever frustrated as you make attempt after attempt, constantly being told “No” or “We’re fine” or “We don’t need that.” So let’s review …
Cybersecurity is, at its core, a “loss prevention” sale, similar to fire and burglar alarms, elective insurance plans, and theft-deterrent systems in retail. Unfortunately, loss prevention is extremely difficult to sell. Most burglar alarm systems are sold after a home gets broken into, not before. Most generators and flood insurance policies are purchased after a major hurricane rips through an area, not in the sunny days preceding it.
To make matters worse, cybersecurity has been overhyped to the point of desensitization, much like overhyped weather reports. There have been so many breaches that prospects don’t “hear” the threat anymore. When the 9/11 terrorist attack first happened, it practically shut down air travel for months. Today, though, despite the fact that there are more terrorist attacks than ever before in our history, people are back to flying with little to no concern.
Another problem: There’s no ROI on cybersecurity solutions. If I spend money on marketing, there’s a tangible ROI. But when I invest a chunk of money on a ransomware-proof backup, there’s no ROI. In fact, we hope there never will be. Add to that the belief that “it won’t happen to me,” and you’ve got a damnably difficult sale to make. So how do you overcome this? Three quick strategies:
- Target a high-probability client. All things being equal, affluent, successful CEOs are more likely to buy cyber-protection solutions, because 1) they believe a breach would be very visible given the size of their organization; and 2) they know they have a lot to lose. Where you’ll get the most pushback is from the small, non-ambitious, non-entrepreneurial “shopkeepers” who are price-sensitive. They’re simply trying to survive, so spending money on “prevention” is the last thing they want to do. That’s why you want to go upstream to larger, more affluent clients.
- The marketing and sales process must convince them that it can happen to them and that the threat is imminent. You must shake their sense of security and make them distrust their current provider or team, raise the stakes from a minor inconvenience to a catastrophe, and create emotional urgency to do something now. That requires you to paint a very grim picture of what will in fact happen to them if their company is breached.
Most MSPs won’t do this because they feel uncomfortable. Positive reinforcement, the promise of gain, will not sell prevention. If you refuse to strike fear into your prospects, you are seriously handicapping yourself in the sales process. An undisturbed prospect never buys.
- Be a “broken record.” Successful marketing is not an “event” or a campaign. It requires a consistent outreach to that chosen target market about a singular topic. If you only show up randomly or when you want to make a sale, or if your message is inconsistent, boring, uninteresting, or unconvincing, don’t bother doing anything. Your marketing will have about as much impact as dieting for one meal.
Cyberthreats have given this industry a much-needed breath of fresh air, but if you don’t understand how the cybersecurity sale works, the world won’t beat a path to your door.
ROBIN ROBINS is CEO and founder of Technology Marketing Toolkit Inc.