For MSPs and VARs trying to expand the reach of their services with existing clients, initiating a cybersecurity conversation around the need for solutions and services can be challenging. This is often because clients believe that their cybersecurity needs are already being met internally, or they are hesitant to admit that they suspect they may be unprepared.
Yet, these are important discussions, particularly since cyberattacks could ultimately harm your client and create challenges for you when supporting them in the aftermath of an attack. If the client is not taking security seriously enough, then any system you have provided them is vulnerable — along with your reputation.
One key thing to remember is that clients rarely want to have a product/service conversation; they want to know about solutions, value and business outcomes. Fortunately, you can tell a good cybersecurity story that considers all three. As a business partner, you have some responsibility to help your clients reduce risk. Security is also an essential driver of technology spend, so an informed approach will not only help ensure your client is getting the most bang for their buck but also expand your revenue streams.
So, how do you get started? First, gather research to ensure you can answer client questions and concerns. Make sure you can address industry-specific issues and have some idea of specific pain points or anxieties that a good security solution can help to alleviate.
A few good cybersecurity conversation starters would include:
- No one is immune to cyberattacks. Regardless of the organization’s size or the industry, everyone is now a target of cybercriminals. Moreover, these attacks are no longer just targeting enterprises; they are going after education, municipalities, MSPs and other organization types. They are betting on the idea that these types of organizations have limited recovery resources, and as such will be more willing to pay after a ransomware attack.
- Cyberattacks are increasingly costly. The average cost of a data breach in the United States is roughly $9.4 million. Costs for smaller companies may not be as high (often in the six-figure range) but can be much more devastating for organizations with fewer financial resources. A single attack can potentially put a company out of business.
- Employees are your weakest link. In a study by the World Economic Forum, 95% of cybersecurity issues can be traced back to human error. Therefore, ensuring that employees are educated on the latest cyberattack trends and basic cybersecurity hygiene — such as using strong passwords, identifying phishing scams and more — is crucial. In addition, providing them with an understanding of how data is gathered and digital identity is tracked online can dramatically improve cybersecurity posture. Security-centered MSPs and VARs can help provide training resources and other services, such as phishing simulations, to help prevent these attacks.
- A holistic approach requires more than just prevention. Attacks are much more complex and difficult to detect than ever before. Therefore, a comprehensive security solution should include prevention, automated detection and containment components, education and training, and a plan for backing up data and restoring operations.
- Cybersecurity is a journey and not a solution. The IT environment is constantly evolving, and the attack vector has grown significantly over the years. There are many potential areas where hackers can penetrate and gain access to the crown jewel — client data. As a result, service providers and their end clients must be vigilant and constantly evaluate their cybersecurity posture to ensure there are no vulnerabilities in their environment. When it comes to security, you cannot just set it and forget it; the solution needs to grow with the evolving needs of the business.
- Most companies need cybersecurity help. When it comes to small businesses in particular, most companies do not have the internal resources to address cyberattacks effectively. A reliable security partner is better equipped and can provide greater value at a lower cost than hiring more employees, with the benefit of 24/7 protection and monitoring.
That last point is vital, especially given how conservative some companies can be regarding their security spend. According to Deloitte, most businesses spend about 10% of their IT budget on cybersecurity, but smaller firms often spend even less. That is where the value proposition part of the conversation is critical: These companies can significantly enhance their protection with a smaller investment while also learning about best practices that often do not have a cost associated with them other than time spent in training.
VARs and MSPs can have successful conversations with clients about cybersecurity by providing consistent messaging around the inevitability of cyberattacks. Additionally, emphasizing how critical security is when it comes to business continuity will help shift the conversation into a consultative framework that will ultimately help bring the client around to the idea of investing in cybersecurity solutions and services.
Photo: Ground Picture / Shutterstock