Maintaining a client’s network is more than just a one-time deal because MSP security needs to be a continual process. Unfortunately, many clients that your business interacts with believe security is a problem-solving experience and not an ongoing challenge. For your MSP company, getting executive level leaders to understand how and why they need ongoing security services is difficult, but a key component to keeping your customers safe.
Dealing with Overconfidence
Your sales and technical teams both see overconfidence regularly when it comes to cyber security. All CEOs like to believe that they are investing plenty in keeping their company’s computer and network systems safe. If this were true, there would never be any instances of cyber-hacking and data theft. However, breaking the overconfidence of your clients’ financial decision makers is difficult. Data is a key part in swaying their biases. Comparing baseline data of similar firms can highlight the actual effort and results seen from other companies. This data is real data and it is something that a C-level executive can understand.
More than Packets
Not only is pulled data from other companies relevant, but it is also very close to home. These examples, specifically where there was a leak or theft of data, vividly shows what is at stake. For MSP security, there are significant consequences for breaches, and these negative events help shape the perceptions of the decision makers you are selling your services to.
For the most impact, focus on the risks that matter to your clients. While your focus is on packets, data integrity, and uptime, a high-level executive isn’t going to have an emotional attachment to them. On the other hand, loss of revenue, regulatory fines, and public relation nightmares are more motivating.
Using the right phrasing around cyber security goes a long way to getting decision makers on board for ongoing security services. Risk mitigation is commonly used to describe the desired outcome of security services, yet this phrasing makes it seem like a short-term project. To mitigate risks, you take certain steps and then the risk is mitigated. This mindset doesn’t work with cyber security because it is an ever moving target. Instead, cyber security outcomes that are revered to as risk management techniques appear to be more continual. It is an ongoing process that shifts and changes as the environment change.
Changing the Definition of Success
Measuring the success of an investment helps high-level executives justify their spending decisions. Old metrics of security successes are often outdated and provide a false sense of security. Just because no one with ill-intents found a hole in their systems this month, doesn’t mean that their security measures are up to date and well formed. With all the complexities and human interactions, there are always weak areas and risk spots that need to be fortified. Finding these potential risks are key in addressing the changing landscape of cyber security, but your services need to be the ones to find and correct these bugs. Metrics that focus on improvements and adaptation are more relevant to the current nature of cyber risks and security.
The testing of a client’s current infrastructure and processes also help address where more investment would be worthwhile. For example, if a testing phishing email results in many internal employees sending their log-in credentials, training on phishing schemes is a great investment. It is clearly needed if your client’s own staff is so quick to allow access to sensitive information.
Your business knows that good security isn’t a one-time deal. It is an ongoing process to improve infrastructure, programming, and individual habits. Selling MSP security as an ongoing process requires changing the perceptions and biases of decision makers. To do so, remember what matters to their perspective and create an environment of continual improvement.