Selling Cybersecurity: Five Ways to Get to Yes

Cyber security technology and online data protection in innovative perception . Concept of technology for security of data storage used by global business network server to secure cyber information . Elements of this image furnished by NASA (

Due to increasing cyberattacks, protecting infrastructure from cyberthreats has topped the budget of many small and medium-sized businesses (SMBs). SMBs invest in the security of their infrastructure by either establishing an in-house team or employing external cybersecurity services from managed service providers (MSPs). Since employing MSPs is less costly and more reliable, SMBs usually take this route.

However, many SMBs are still unaware of the need to secure their infrastructure from threat actors, making it difficult for MSPs to convince them to buy their security services. This article shares strategies to crack this SMB hesitation and achieve that coveted sale.

#1 Disorient and orientate your prospects

As a rule of thumb, SMBs’ hesitation is firstly psychological; many simply think their businesses are too small to be targeted by cyberattacks. According to a Forbes report, 57% of SMBs believe they won’t fall victim to an attack; at the same time, nearly 20% reported an attack in the previous year because of their attitude toward cybersecurity. This trend will predictably continue, with cyberattacks on SMBs reportedly increasing by 67% between 2018 and 2020.

Many SMBs rely on firewalls, antivirus software, and strong passwords. These are not foolproof cybersecurity measures. MSPs, on the other hand, have powerful technology stacks that SMBs can't afford to utilize individually. You, as an MSP, must reorient your SMB prospects to the real security risks that exist and explain the downsides of not taking such risks seriously.

Risk to their devices and database

SMBs hesitate due to their lack of budget for security services. Your job is to make them realize that the cost of recovering from a malware attack is higher. In the United Kingdom, midmarket businesses lost well over £30 billion to cyberattacks. No matter the size of the business, data such as passwords and credit card details are valuable and must be protected.

Risk to their business

A hacked business loses the trust of both existing and prospective customers. Damage caused by malware results in 60% of SMBs having to shut down within six months after falling victim to a breach.

Litigation and sanction risk

Some SMBs rely on cybersecurity insurance but lack an understanding of the policy's limitations. Cybersecurity insurance policies only pay for damaged devices and a fraction of business losses. They do not cover the cost of litigation or government sanctions.

#2 Demonstrate cybersecurity expertise

SMBs won't buy the security services of an amateur-like MSP. You can implement the following strategies to display your expertise.

Service portfolios and demos

These will break down the services you provide alongside the value they bring to a business. A professional portfolio should include graphics and charts, with a link to a demo on your website or landing page.

Client testimonials and recommendations

Make sure to include these in your portfolio and demo. They should include the ROI achieved for past clients; even any loss prevented is priceless: downtime, ransom payments to hackers, compliance sanctions, damages, and compensation to litigants.

Webinars and reports

Creating seasonal reports, whitepapers, and policies, as well as organizing webinars, can go a long way toward establishing your expertise. They also show you as a firm that’s current with global trends in cybersecurity.

#3 Look secure and be secure

You cannot give what you don't have. An MSP with a history of data breaches will almost certainly lose its pitch.


Stay innovative and adopt new technology that offers solid data encryption and backup solutions. Use the latest endpoint protection, email security, firewall, and patch management in your company.

Success stories

Make sure people know about your real-world achievements like attacks you've prevented or data you've helped clients recover. Share how you reduced the number of breaches and attempted breaches in your clients' networks after you took over their security.

Reputable SaaS security

Use only firms with solutions that offer vibrant remote monitoring and management (RMM) features, as well as sophisticated systems for backup and disaster recovery (BDR). Hackers know that MSPs handle clients' sensitive data and have now become the bad guys' core targets.

Through just one breach, NSI, a cybersecurity MSP, reported that 22 of their SMB clients' databases got infected with ransomware. Although NSI helped the majority of them restore their data, four customers that lacked adequate backups paid the ransom. Therefore, as an MSP providing security services, you must be secure.

#4 Strategize and query effectively

Having one-on-one discussions with your prospective clients helps you build relationships with them. To fully leverage this potential, implement the following strategies.

Intelligent queries

Ask questions that alert your prospect to their cybersecurity needs, such as their security posture, their policies for remote workers, and what recovery packages they have in place in case of attack. Educate them on the need for regulatory compliance, such as activating multi-factor authentication for their web and digital applications. This makes them believe they need your professional help and will benefit from your solutions.


Make sure to offer incentives to your existing and new customers to refer your services to their partners and colleagues. Provide easy-to-use templates that will assist them in introducing others to your MSP.

Bundled security packages

Bundle your services and make them affordable. They should be highly effective and fit the SMB's business setting. When you offer a strong service, you can increase the price later.

Remember, never promise more than you can offer. Promising 100% security isn't realistic. Instead, display your incident response skills, such as encryption, decryption, backup, and data recovery.

#5 Offer free cybersecurity training and assessments

Sharing value is the fastest way to sell cybersecurity services. Here are a few tips.

Free cybersecurity training

The purpose here is to enlighten SMBs that being security-compliant is not enough — being vigilant is also key, as staff are mostly targeted through social engineering. The city of Riviera Beach reportedly paid $600,000 to retrieve its systems that had been locked in a ransomware attack and spent almost $1 million on new computers and systems, all due to a breach caused by an employee that downloaded malware by clicking on a phishing link in an email.

According to a 2022 Acronis report, 30.6% of all received emails were spam, and 1.6% contained malware or phishing links.

Free cybersecurity assessments

Examine the company's information security infrastructure and strategy — at no cost. This will reveal the SMB's vulnerable security points that hackers could exploit. Consequently, sell your ability to monitor these vulnerabilities and remediate them.

Penetration tests

Execute penetration tests on a prospect’s network to further exploit their weaknesses — via brute force attacks or by social-engineering their staff. This process, called "ethical hacking," aims to discover areas in need of improvement. A low overall score will compel them to patronize your security services.


To sell your cybersecurity business, you have to showcase your threat detection and response expertise. Share results of having protected your clients' critical infrastructures and filled their cybersecurity gaps with existing and emerging next-generation technology.

To stay on top of the game as a cybersecurity MSP, maintain an eagle eye on the cybersecurity landscape for innovative solutions to emerging threats. Make sure to use cybersecurity SaaS tools that facilitate around-the-clock monitoring and the detection of threats with spontaneous disaster recovery.

Finally, enlighten your SMB prospects on the consequences of not having a robust security strategy in place in 2023, with the average data breach cost forecasted to hit $5 million.

All of this will help you close deals with numerous small and medium-sized businesses looking for managed security services.

This guest blog is courtesy of Acronis. Read more Acronis guest blogs here. Regularly contributed guest blogs are part of ChannelE2E’s sponsorship program.