For most MSPs, it used to be a straightforward task to cover your bases around security. Simply bundle an antivirus product suite and internet firewall with your services and you looked like a hero. But technology and how we use it has changed, and the threat landscape has changed with it. In fact, one in 323 emails to small businesses are malicious, states Symantec’s 2019 Internet Security Threat Report. And according to Continuum’s report, Underserved and Unprepared: The State of SMB Cyber Security in 2019, 6 in 10 (or 62%) of small businesses report that their organization lacks the skills in-house to be able to properly deal with security issues.
The Risk of Not Investing in Security
Our panelists talked a lot about the risks that companies—both MSPs and their clients—have when they are not fully invested in security. They keep abreast of the news and open their sales approach with the latest breach in the news. It adds a reality of to “this can happen so be prepared” to the discussion.
Jay shared that, “Over 300 MSPs have had their practice hit by a cyberattack each year and at the exact same time we're dealing with the fact that the opportunity is huge. The growth year over year exceeds 14%. And as we found out in our recent report, Underserved and Unprepared: The State of SMB Cyber Security in 2019, over 93% of the 850 SMBs interviewed would actually change service providers to get the right cyber security solutions and they'd pay more for it. So this opportunity is big. MSPs also need to make sure to take care of their own shop.”
Ann stressed that MSPs need to help their clients “really think through what's the cost of downtime, what's the cost of the reputation. It takes a while to get them to actually think these through. You can talk about downtime with them, you can talk about the impact of their business, you talk about losing the data, but they really have to stop and just think and imagine what it would be like to have no data and then, it starts sinking in. When talking through these, they often come to realize they cannot afford not to make the investment in the right security solution."
Scott added, “One of the amazing things is when you sit down with the asset owners, a lot of them hadn't really thought of what their true business assets are.” For publicly traded companies, this is their reputation. “And anyone can on a moment's notice get breached. You have to guide them through the scenario and impact if they did get breached."
Scott then shared that the ‘aha’ moments come whenever he starts using numbers and percentages to illustrate the impact of the breach from a recent Wall Street Journal story. This helps to quantify the reality of the need to be secure. Referencing the Wall Street Journal as the expert source is powerful, too.
How MSPs Educate Clients About Security
Our panelists talked about the important of educating their clients about investing in security—and the risk of not investing. All panelists agreed having the recent stories in the news at hand to share as reality that this can happen to you is beneficial to open the security discussion and grab attention.
Jay explained, “We've found that if you can get the entire business engaged at a lunch event and show them what's going on in the real world (breaches and other risks security can prevent), that not only helps you reduce your risk with that client, but also gets that client to further engage with you on what else they should be doing to protect their investments.”
Ann said that talking about what a customer is doing to protect their business, their customers and their employees is an important part of the conversation. Jay added to be sure and ask questions like: “What keeps you up at night? When talking about risk and cybersecurity, what are what the problems in your business that most concern you? And then we'll figure out where, and if, cyber fits into that equation.”
The panelists agreed to add to the story or security pitch, “What would happen if you lost all your data?”
Scott says he asks clients to describe their worst day. He asks that question to C-levels and all the way down because everyone's worst day differs. This discussion surfaces their own fear, uncertainty and doubt, which is a good segue to explaining what you can do to address security.
Ann suggested that MSPs check out Continuum University. "There's short videos on there that folks can squeeze in between other tasks, and I'm excited about the new Continuum Certify Program coming to Navigate in October."
Overcoming the Challenges of Selling Security
All of our panelists reiterated that educating their clients about security helps to keep it top-of-mind. Ann added that, "Investing in security can be a challenging priority to convince clients to make. You have to stress that it should be treated as important as keeping your network up and running. Your security, just like your network, needs to be up to date to keep the business running. Clients need to think about security as a different element of what they need to do. Because it's not like you're not going to get rid of five computers for your employees so you can increase security.”
This discussion helps to get through to the decision makers who own budget. “It is key that they really understand the risks of not investing in security You want to make sure that you're not going to be the a position of: ‘How come you didn't tell me this? Or ‘I didn't understand that my logs would all be wiped away.’ It's really important that the people who need to know that in the company actually know it.”
Scott and Jay talked about offering a Security Assessment to help combat objections and trigger the "aha moment."
Scott said that he would say he would normally charge $5,000 for this assessment. But, if the client signs up for the “managed security plan,” then the assessment fee is waived. That has proven to be a powerful sales statement for his company.
Jay then talked about the assessment tool Continuum offers. “If you're an existing customer of ours and have access to our RMM tool, Continuum Command, the assessment reports can illicit some great conversations on assessment gathering. MSPs are using the reports to drive that compelling event prior to the client getting hit by an attack. It’s easy once they have been hit, but the reports help to drive and show them where they have risk upfront. Ann added, “The assessment reports are a very useful tool and are really nice looking reports. They're very presentable and they're super easy to run.”
The Future of Cybersecurity
Next, we talked about the future of security.
Ann: “Security is key to everything. I think all businesses are we're really catching up on this curve, and are really dependent on technology. They're dependent on data. So much of our lives revolve around all the things we take for granted every day that we can do online and how we conduct business. Protecting that is where we see the trends right now. It's in the news. People are starting to ask about how their own data is being protected. And I think that's just going to keep increasing. What we do is really critically important. And I think it's really a mission to get small businesses. More consumers are going to be demanding to do business with folks that are actually going to protect their data.”
Jay: “Today, we're hearing about GDPR, cybersecurity essentials and the California Consumer Protection Act as well as some other data and privacy issues. At the same time, we're hearing about AI, IoT and machine learningand these newer technologies and how they're all going to come together. Cybersecurity is actually going to be in the middle of this. And a recent report from IDC says that by 2022, 50% of an MSPs’ revenue will be based around cybersecurity. So when you start tying in the new technologies and the new capabilities with cybersecurity, your clients are going to demand that because they're going to be forced to deliver on privacy solutions. You don't get privacy without security.”
To wrap our hangout, Ann added, “It's a really exciting time to be an MSP working in security. There's an emerging sense of urgency among SMBs that they really need these kind of services. It really gives companies like us a real sense of mission that what we're doing is really going to make a difference for our clients."
To hear more of this informative discussion from our MSPs in our hangout “How to Sell Security with Confidence,” click here!