MSPs are making cybersecurity sales harder than it needs to be. In fact, I hesitate to use the word “sales” because that is the center of the problem – customers feel like you’re trying to sell them.
You shouldn’t be selling customer security enhancements or projects. Instead, you should be taking your customers and prospects on their security journey. You need to develop a repeatable way of explaining the risks and opportunities that your customers will face.
Here’s an example.
I received a call from a friend who was a customer of both of my MSPs at some point. He has a new MSP now. He told me that his MSP wants to charge him a lot more than he’s already paying, but he didn’t want to change much. He mainly uses a line of business apps that is “secure”, and he’s satisfied with his backup.
I took a couple of minutes to ask him a few questions. I eventually figured out that what they were trying to sell him was some MDR and SOC SIEM. I asked him if I could explain what happens during a breach. In other words, where the bad guys are, how they come in, and how long they stay there.
The exchange went something like this.
What happens if the attackers are in there long enough, and now your backups are infected? “Oh, I never thought of that.” What happens if you have good backups, but the attackers have infiltrated your data? “That’s a good point.” What about if they hold your sensitive data hostage? “Oh, I never thought about that either.”
Basically, I summed up our conversation by explaining that he was already living with these risks. “It probably sounds like you’re going to have to invest another $25 a seat. I know that sounds like a lot, but what’s the other side of this?” I asked. We talked for about five more minutes, but in the end, he understood the importance of the additional investments.
I sat there and thought, “Why am I explaining this to my friend instead of his MSP?”
He came away from meeting with his MSP’s account manager or vCIO feeling like he was trying to be sold something that he didn’t need. And you know what that MSP’s vCIO is going to say when a customer pushes back on additional cybersecurity costs?
“My customers don’t want to spend more.”
This is why there are two realities. There are MSPs that think the issue is the customer. Then there are those of us who understand that it’s our responsibility.
Which are you?