Small and medium businesses may be increasingly savvy about the need for cybersecurity, but they can still be cheapskates when it comes to spending on advanced security like endpoint detection and response (EDR). But can they afford not to?
According to IBM’s Cost of a Data Breach Report 2024, the average global cost of a data breach jumped 10% to $4.88 million. While that number is obviously lower for SMBs, any financial hit can be devastating to their business.
That’s why EDR, which continuously monitors end-user devices (laptops, desktops, tablets, etc.) to detect and respond to cyberthreats such as ransomware and malware, is essential for SMBs. And according to IDC, 43% of SMBs today rely on MSPs for EDR.
Point-Counterpoint
You know your MSP clients need EDR, but some may not be convinced. Here are some common objections to EDR solutions your customer or prospects may raise, and how to address them.
1. “We already have anti-virus, isn’t that enough?”
Not anymore. Anti-virus solutions identify and block known threats, but they can miss new or unknown threats. EDR solutions continuously monitor the endpoint for suspicious activity, even if the threat is unknown, and can automatically take actions like isolating infected devices or blocking malicious processes before any damage is done.
2. “We’re too small to be a target.”
Not true. Cybercriminals target SMBs for several reasons. One, SMBs cannot afford enterprise-level security; and two, they have valuable information such as customer data, financial records, and intellectual property.
3. “It’s too expensive.”
It’s cheaper than ransomware. According to the State of Ransomware 2024 report from Sophos, 63% of ransom demands were for $1 million or more, with 30% of demands over $5 million.
4. “We have cyber insurance, so we’re covered.”
Cyber insurance helps you recoup some of your losses when your business is down from a cyber event, but EDR stops that event from happening in the first place. Importantly, many cyber insurance policies require security controls. If yours requires EDR and you don’t have it, your claim could be denied.
5. “We trust our employees not to click on malicious links.”
Really? Consider this: According to Proofpoint’s 2024 State of the Phish Report, “71% of working adults admitted to taking a risky action, such as reusing or sharing a password, clicking on links from unknown senders, or giving credentials to an untrustworthy source. And 96% of them did so knowing that they were taking a risk.” If your users do click on a malicious link, EDR can detect malware and prevent it from executing.
Now That You’ve Got Their Attention
In IDC’s Spotlight report, Plugging the Antivirus Gap for Small and Medium-Sized Businesses: Endpoint Detection and Response for Everyone, analyst Mike Jude writes, “The responsibility lies with managed [service providers] that wish to do business within the SMB market to deliver reasonably priced EDR and easy-to-use solutions to their SMB customers.”
With Kaseya 365 Endpoint, MSPs can do just that. For one low-priced subscription, you get everything you need to manage, secure, back up, and automate all your endpoints. The tools are all integrated and live within the unified interface experience of Kaseya 365 Endpoint.
Now you can provide advanced cybersecurity to all your customers—even those who don’t want to pay for it—and still make a good profit. Hard to argue with that!
For more on talking with clients about EDR, see Endpoints Are Under Fire: From EDR to XDR, Help Clients Pick the Right Defense.
