Three Ways to Encourage the Importance of Security Posture

Yellow question mark on a background of black signs, FAQ Concept. 3D Rendering

Too often small businesses still think they’re not a target for cybercrime. N-able's Stefanie Hammond looks at how to help them see sense. 

“I’m not a big enough business… I’m too small… no one will want to hack me.”

“I don’t have anything of any importance that anyone would want… I’m not terribly concerned.”

“It hasn’t happened to us yet, so it isn’t something I’m worried about.”

“What you’re proposing seems like overkill to me. And besides, we don’t have the extra funds in our budget anyway. We prepare just to stay how we are.”

How many times have you heard your customers voice these kinds of objections when presenting your security proposal to them? And how many times have you struggled trying to convince them that you are just trying to improve their current protection levels to better secure their business and their livelihood, and that this isn’t just a cash grab?

Even with all of the reports that continue to circulate in the news, small-sized and medium businesses (SMBs) are still not taking their security and cyber-resiliency capabilities seriously enough.

So, what is an MSP to do?

To follow are three ways MSPs can help their customers take their security posture more seriously.

1. Continue to Educate

Stats do work. Hackers ARE turning their focus more and more these days to targeting small and medium-sized businesses because they have more data than individuals but are generally more lax in their cybersecurity standards than larger enterprises — making them easy targets for the bad guys.

By educating your customers using a few compelling stats, it can help them to see that it isn’t you telling them what to do, but you have data to back up your recommendations as well.

A compelling stat comes from the Accenture’s Cost of Cybercrime Study that found that 43% of cyberattacks are aimed at small businesses, but only 14% of small businesses are prepared to defend themselves.

And according to the article, “10 Small Business Cyber Security Statistics That You Should Know” it highlights these compelling statistics:

  • 61% of all small and medium-sized businesses have reported at least one cyberattack during the previous year.
  • 83% of small and medium-sized businesses are not financially prepared to recover from a cyberattack.
  • 91% of small businesses haven’t purchased cyber liability insurance.

And the most dire statistic comes from a Security Magazine Report: 60% of small businesses who become victims of a data breach permanently close their doors within six months of the attack.

2. Do the Math for Them

Like statistics, numbers work as well. So, if you are not accustomed to illustrating potential downtime costs and return-on-investment (ROI) when speaking with your customers, then it will help to start including discussions like these in your sales proposals.

According to the recent 2021 Cost of a Data Breach Report from IBM, organizations that lack security AI and automation took an average of 85 days to contain a data breach once it had been identified.

What does this mean to the average small and medium-sized business with minimal security protection in place? It means that for potentially 85 days, their employees will not have access to their computers, their systems, or their data to do their work. Not only does having unproductive employees translate into lost revenue for an organization, it also means that for 85 days, an MSP will be working tirelessly to try to recover their data and bring their systems back online.

At an hourly rate of $150/hour, just the remediation bill alone during this time-period could amount to $306,000.

And that total isn’t taking any other variables into account such as:

  • The cost of the actual ransomware payment (if the MSP isn’t able to recover their data)
  • Potential fines and penalties levied from regulatory bodies the business may fall under
  • Communication and notification costs from having to contact existing clients to let them know about the breach
  • Loss of existing customers and inability to sign new ones, due to loss of trust and degradation of reputation — ultimately causing the organization to go out of business

It’s about demonstrating to your customer that the cost of a breach will likely be greater than any costs incurred to mitigate and better manage the organization’s risk.

3. Leverage the experiences of your other customers to drive home your point

Stories work equally well too, especially if they are stories about similar-sized businesses, in similar types of industries, facing similar kinds of security-related issues. When you talk about how you have helped other customers of a similar size and in similar industries avoid potential cyberattacks, again it helps your customer to see that this is how you support and care for ALL of your customers. That your approach is deliberate, and it is not just a cash grab — you’re not just wanting to sell them something for the sake of selling them something.

To help with this, create and promote case studies; collect reviews and testimonials from your existing clients and be sure to post them to your website and social feeds. Social proof and peer reviews are incredible tactics that you can use to build up your credibility and sway your prospects into seeing the true reality of the situation.

Many times, prospects will not believe what you have to say (because they know you ARE trying to close a sale), but they will seriously consider the views and opinions given by their peers. So, leverage your existing customers to help you overcome objections and secure new business with new customers.

Looking for more help with sales and marketing for your MSP? Check out the rest of the Marketing section on our blog.

Guest blog courtesy of N-Able. Stefanie Hammond is Head Sales and Marketing Nerd at N-able. Regularly contributed guest blogs are part of MSSP Alert’s sponsorship program.