The ‘Blue Ocean’ of compliance

3 reasons why YOU should be selling with a loaded gun

By Ben Liebing

“Compliance” can be a dreaded word in the corporate world, filled with nefarious thoughts of yet even more banal rules to follow and looming penalties to avoid. But in the MSP space, compliance is not an aspect of business to be shunned—it’s an opportunity to grow, progress, gain more clients, add value, and bolster your business. And like it or not, the cyber compliance market is growing by exponential leaps and bounds.

But there’s a difference between services you may already offer, like cybersecurity, and the compliance space.

Simply put, “compliance” is the ability to prove your adherence to particular legal or external requirements for data security. This is a new “blue ocean” opportunity where the highest margins are made.

“Blue Ocean Strategy” has been a massive bestseller, and disrupted the marketing world by putting forth the idea that creating and finding totally uncontested space in a practically unlimited global market is more desirable than simply out-competing in a crowd. (Cover/Amazon)

According to TMT’s Compliance Marketing Toolkit, here are three brief but powerful reasons YOU need to be aggressive on the growing world of compliance: 

  1. The money

Most people out there grossly underestimate what would happen to them—and their business—if a cybersecurity breach happens. So, like the ostrich with her head in the sand, you might choose the path that most take: avoid, ignore, and hope for the best.

But like my friend in Special Operations says: “Hope is not a plan.”

“80-90% of business purchases are made to avoid loss. We are wired to avoid loss,” says TMT Founder Robin Robins, when discussing the Compliance Toolkit. “People are more wired for risk avoidance and loss avoidance than they are for gain.”

The solution? Sell with a loaded gun.


Selling with a “loaded gun” is better than selling with a great sales pitch. “It’s not you holding the gun. It’s the insurance companies holding a gun to your clients’ heads,” says Robins. “It’s the government holding the gun to their heads. I’m not saying they are wrong for it. But there are customers of your customers who need this. What you’re selling is a bulletproof vest.”

Bottom line: here are the numbers, and they’re a kicker. The compliance, governance, and risk market will grow from a $42 billion market today to an estimated $135 billion market by 2030. McKinsey even predicts cybersecurity total market value to soon eclipse $2 trillion. As online business continues to grow, cybersecurity is becoming both more paramount, pragmatic, and precisely regulated.

The Compliance market is growing by leaps and bounds, already more than a $47 billion industry. (Source:TMT/Grandview Research)
  1. Protecting your clients

Many are seeing, for the first time, on cybersecurity insurance forms, statements like: “Are you meeting your state cybersecurity requirements?”

“Every state in the union now has a cybersecurity breach notification law,” Jon DePerro, former U.S. Army Counterintelligence Special Agent and Chief Compliance Officer of Visibility MSP says. “Every single one.”

According to DePerro, IT Services is projected to be the fastest growing segment in the risk, governance, and compliance market. The rules are here, and more are coming.

Are you ready to learn the rules, operate within them, and move forward “into the game as Hollywood director Guy Ritchie says? Or are you hoping, like a part-time babysitter trying to avoid income tax by stashing cash in a shoebox, that you’ll simply be able to skate by, undetected, ungoverned, and unbreached.

“There’s some ignorance out there,” Robins says. “There are people who simply don’t know or sometimes don’t want to learn about these regulations. But these violations are not just small fines, these are not going to be minor inconveniences.”

So how do you sell your clients on what they may perceive as extra or unnecessary cybersecurity measures?

First, it’s important to understand that these laws are not optional. Second, you may be surprised at how much money your clients may already be spending on these services. But just not with you.

“Your job as a marketing and salesperson is not to create alchemy. Go sift and sort and find the diamonds in the rough. You want to find the people who are spending money, and get them to spend with you rather than someone else,” says Robins.

Jon DePerro puts it like this: “I don’t sell compliance. I bring informed risk decisions, and give them the information,”

“If you do fear-based selling: you hit the fight, flight, or freeze. Which one do you want with a prospecting call? Fear does not lead to a good business purchase,” DePerro continues. “I want them to understand the problem, but I want them competent and confident about my solutions.”

Compliance is no longer a choice. It’s a necessary part of doing business in the MSP space and beyond.

“Without compliance, you’re extremely at risk and open to liability,” says Jennifer Morris, a Cybersecurity and Compliance Attorney Specialist. “Compliance is important for MSPs, because if you are not compliant, you are at risk of a liability lawsuit.”

  1. Retaining your clients

Losing clients  because you’re not up-to-date on compliance and governance insurance (and then get dinged for it) can cause not only institutional damage, but perhaps more importantly, reputational damage.

It’s also about moving onwards and upwards in your ability to sell at greater scale.

“Being able to consult your clients about RISK gets you in at the C-suite to have a business conversation, rather than simply being seen as the ‘Maytag repairman’,’’ says Will Nobles, CEO of Vector Choice, and Vice President of Client Coaching at TMT. “It will differentiate you from the vast majority of MSPs, and it gives you a logical and compelling reason to command higher fees.”

We all know the free market is a hyper-competitive place. But Robins, Noble, and DePerro all point out that it’s not just other MSPs trying to win your clients or take new ones: The compliance world is becoming inundated by insurance and financial companies out there selling their services to your clients.

Embracing compliance as a service isn’t just about staying out of trouble, it’s also about retaining and gaining more business by better serving your customers and providing tangible, necessary value that will also bolster your business into the future. 

“Kaseya reported that in the previous year, only 8% of MSPs they had as clients were using their compliance manager product—and now it’s 40%,” Robins notes.

“And that’s the change in just one year.”

Robin Robins is the CEO and Founder of TMT, which is the parent company of MSP Success.

Ben Liebing is the lead writer for MSP Success, the gold standard in the MSP space, providing timely and meaningful content that gives readers the tools they need to be the BEST in the business. Have a tip, story, or comment? Ben would love to hear from you! Prior to joining MSP Success, Ben worked as a Marketing Director for Tesla Motors, reported for The Cincinnati Enquirer, and served in the United States Air Force. He has lived, worked, and traveled in over 40 countries around the world.



Upcoming Events


Get Instant Access To Exclusive Interviews!

5 Secrets To Scaling A Recession-Proof MSP