This article was written by guest contributor Jon DePerro, vice president, FedRAMP and Compliance Solutions, at Kaseya.
If you’re an MSP looking to break into the manufacturing vertical—or deepen your foothold—now is your moment. Why? Because manufacturing is now the No. 1 target for ransomware, overtaking even healthcare, according to the FBI 2024 Internet Crime Report. That’s a big shift. And for MSPs, it’s a big opportunity to position yourself as a strategic risk advisor and design a full business continuity and disaster recovery (BCDR) plan tailored to their business.
This isn’t about scare tactics—it’s about bringing new data to the table and helping the business owner make an informed decision based on today’s risk landscape, not outdated assumptions. Whatever was true five years ago, when they may have passed on investing in robust BCDR, doesn’t matter now. What matters is, they’ll be next unless they’re prepared.
Why Manufacturers Are Ransomware Targets
Manufacturing firms, unless they’re defense contractors subject to CMMC requirements, typically underspend on cybersecurity. Unlike healthcare, finance, and defense industries, which know they are regulated, non-defense manufacturers may know what they should do, cybersecurity-wise, but may “chance it” because there’s no regulatory oversight and their budgets are tight.
And unlike a healthcare data breach, which has a payload of personally identifiable information (PIA), the ransomware attacker doesn’t care what the manufacturer’s data is—they only care that they need it. And the No. 1 way to fight ransomware? Proper, holistic backup and disaster recovery.
First Step in the Sales Process: Getting to Acceptance
When meeting with a manufacturing prospect or even a current client, the first step is to get the business owner to accept they have a problem. You have new information. Point to the FBI report. They are the No. 1 target. Period.
Then ask:
- How long can you afford to be down? One day? Two days?
- How long would it take you to recover from a ransomware attack?
- Do you have a true business continuity plan, not just a backup?
- Have you tested it?
- Are all your critical systems—including cloud-based ones—actually covered?
This is a risk management discussion and your opportunity to be a thought leader, helping manufacturing companies position themselves to prevent and respond to ransomware incidents. You’re not criticizing their previous decisions around BCDR, but you’re pointing out that the data has changed and it’s time to revisit how they’re protecting themselves against ransomware.
You want to give them the opportunity to make an informed decision, to say, “No matter what happens, I’ve got to be up and running within 12 hours or 12 days,” whatever it is.
Then you deliver a business continuity and disaster recovery plan that meets their recovery time objectives and you test it after deployment. The time to find out your BCDR wasn’t configured right is not when they call you with the Blue Screen of Death.
Be Ready to Counter Common Objections to BCDR Spending
Your marketing campaigns and sales playbook should all reflect this new information from the FBI. But even with this data in hand, some prospects may still push back. Here are some common objections and counters to them:
“It’s in Microsoft—they back it up, right?”
Nope. Microsoft’s shared responsibility model puts the burden on the client.
“If it all goes down, I’ll just buy new systems.”
Buy what, exactly? Data? Intellectual property? Customer history?
“It’s in the cloud, so I’m safe.”
Not true. And your backup server? You think the attackers don’t look for that, too?
Don’t Leave Money on the Table
MSPs should be selling holistic BCDR solutions and the exercises to test them. This is where many MSPs are leaving money on the table. If you aren’t leading with business continuity and disaster recovery, you should be. Not only is it the best defense against ransomware—it’s also the wedge to open bigger strategic conversations.
This is also your opening to land those larger clients you’ve been chasing—the 200-, 400-, 600-seat manufacturers who do have the budget but need someone to guide them.
So be the MSP that called it before it happened. The one that walked in with clarity, a plan, and the tools to deliver it. The soothsayer. The trusted advisor. Because in manufacturing today, it’s not if they’ll be targeted by ransomware. It’s when.
For more from DePerro, see Compliance Is Your Path To Higher-Value Clients
