Talk Cybersecurity To Me

MSPs are from Mars.

Your customers are from Venus.

This is especially true when it comes to spending money on cybersecurity.

Small and medium business owners and decision makers, who are frequently grappling with stretched-thin budgets, only hear “cost center” when you talk with them about endpoint protection or cybersecurity awareness training. Instead, you need to help nontechnical decision makers view cybersecurity through a business lens. If you can frame cybersecurity as a foundational element of business operations, they will understand the business risk of not adopting a security mindset.

In this Q&A, Chris McKie (pictured above), vice president of product marketing, Security Suite, Datto, recommends ways you can talk with your customers about the business case, and why they need to prevent financial and reputational loss by protecting their business.

Q: MSPs need to help SMBs understand how important cybersecurity is, without turning them off with techie talk. What have you seen work in real life?

Chris McKie: MSPs should start the conversation by focusing on risk management, business continuity, and operational impacts to illustrate the importance of cybersecurity for the modern business. Use real-world data and stats to bolster your message. This approach will help you better express—and help your customer better understand—the immediate need for improving their IT defenses, all while fostering a more proactive stance toward cybersecurity within their business.

Q: Why has investing in cybersecurity been a challenge for SMBs?

McKie: The journey toward cybersecurity maturity ranges from those still questioning the basic need for antivirus software to businesses with sophisticated, proactive security operations centers (SOCs). The path will be unique for each organization.

It’s scary to think, but also sad to realize, that securing additional funding for IT security has been, and continues to be, a common challenge. For years, many businesses have viewed security as a cost center. This makes it a daunting task for MSPs to convince customers that they need to increase their cybersecurity budgets. The ever-expanding attack surface and the sophistication of cyberthreats mean that cybersecurity is an ongoing endeavor, however, necessitating continuous investment.

You can improve your messaging around cybersecurity by helping your customers view it through the lens of business benefits. Shifting the conversation to emphasize risk management and the inherent uncertainties in security can help make the case for additional investments. This can then lead to the acquisition of necessary tools and technologies, even when their function may not be immediately apparent to non-experts.

Q: How does the need for cyber insurance help MSPs “sell” security?

McKie: The required solutions needed to comply with insurance company security mandates can be a great sales conversation starter. Looking at it from [a] cyber insurance requirements perspective, endpoint detection and response (EDR) is often mandated. In addition, managed SOC or managed detection and response (MDR) is increasingly required. Security awareness training is also one of those check-box items that is a powerful and relatively affordable tool to offer customers.

Another way you can help direct the spending is by conducting tabletop exercises that simulate cyberattacks with your clients. It is a way that you can go in, meet with business owners, and conduct a make-believe scenario around ransomware. Having these exercises regularly further installs you as a cybersecurity expert and shows where the client’s gaps are.

RELATED: Kaseya 2024 MSP Benchmark Report: Cybersecurity Is A Top Revenue Driver For MSPs

Q: What should MSPs be recommending that their SMB customers do NOW to bolster cyber resilience and counter digital threats effectively?

McKie: It’s all important—from prevention to detection to remediation. But a new area in the security world I’m excited about is called SASE (“sassy”)—secure access service edge. It’s geared to protect remote and hybrid workers just like [they] are behind the corporate firewall. VPNs can’t do that.

The real question is, how long is it going to take you to recover from a cyberattack? MSPs have an opportunity to expand revenue and help their customers reduce downtime with solutions like BCDR, managed SOC, and incident response planning. Your customers need to understand that backup is a huge part of their security posture. It’s not enough to say you are doing backup. Be sure to test your customers’ backups regularly … and don’t forget to back up their SaaS applications like Microsoft 365, Google Workforce, and Salesforce.

Q: At the end of the day, breaches happen. What does good communication around cybersecurity incidents look like?

McKie: If you are doing tabletop exercises in advance with your customers and have an incident response plan, everyone will know who to contact internally and externally, and when. Know who your local FBI contact is … they have a cybersecurity task force set up to help. Mistakes happen when people are nervous and rushed—so prepare beforehand and know the game plan, because sooner or later, it’s probably going to happen. In terms of communications with your customers, the key thing is to be clear and transparent. Communicate early and often—sharing what you can. Many companies will take months to report a breach, and it negatively impacts their customers’ confidence in doing business with them.

Q: Any closing words of wisdom?

McKie: Cybersecurity is a never-ending battle. Because of this, it’s important to have conversations that help nontechnical business leaders and stakeholders understand that cybersecurity is a goal and journey, not a destination. Compliance is not security. Having a firewall is not security. Even if you use the latest and greatest tool stack out there, there’s no such thing as 100% security. Strong security revolves around people, processes, and technology. Help your customers recognize that all three—not just technology—need constant nurturing, development, and attention to build a cybersecure culture and resilient workplace.



MSP Success Magazine

MSP Success Magazine is a print and digital publication dedicated to helping the CEOs and owners of managed IT services businesses build strong, profitable, growth-oriented businesses. Written and published by Robin Robins, founder of Technology Marketing Toolkit, this magazine is uniquely focused on the topics of marketing, client-acquisition, sales, profitability, leadership and personal development.


Get The #1 Media Source For MSPs!
Thousands Of MSPs Trust
MSP Success Magazine
For The Best Industry News, Trends And Business Growth Strategies. Subscribe now!

Upcoming Events

Stay Up To Date

Thousands Of MSPs Trust
MSP Success Magazine
For The Best Industry News, Trends and Business Growth Strategies

Never Miss An Update