5-Step Strategy for Selling Cybersecurity to SMBs

How do you successfully sell cybersecurity to small-to- medium sized businesses (SMBs)? First, try saying that five times fast! If you’re a managed IT services provider (MSP) looking to grow revenue through managed security, you’ve come to the right place.


The Security Market: Challenges and Opportunities

Today, MSPs are at an interesting crossroads. Managed services for SMBs in the United States is about $50 billion in total addressable market. However, the competition in this market can be fierce. With $4.7 million as the average revenue of MSPs in 2017, the market has room for about 1,000 average MSPs. But there are approximately 15,000 MSPs in the U.S.

Couple that with the fact that cyber attacks have become more sophisticated, automated, and as a result, you could say nondiscriminatory. Cyber attacks are no longer focused primarily on big “targets.” In fact, 61 percent of breaches are aimed at SMBs. Why? Because they have valuable data, can be held ransom, and they’re relatively unprotected and unmonitored.

With SMBs being the lifeblood of MSP business, a threat to the viability of the SMB is a threat to the MSP. However, this threat is also a great opportunity for MSPs to thrive and increase growth, margins, and customer loyalty.


Every SMB Needs Improved Cybersecurity. It Sells Itself, Right? 

While every SMB certainly needs more effective cybersecurity, you’ll find not every SMB necessarily wants more effective cybersecurity. Crazy, I know. But let’s face it, some businesses don’t see cybersecurity as an investment, rather, they see it as a cost center. With that in mind, to increase revenue growth, margins, and customer loyalty with cybersecurity, here is a five-point strategy to more effective cybersecurity sales and marketing.


Security Sales Success

Five Strategic Ways to Successfully Sell to SMBs

For an MSP to be successful in accelerating revenue via cybersecurity for SMBs, it starts with proper messaging that is: 

  • Educational
  • Relevant
  • Strategic
  • Practical
  • Measurable

1. Be Educational

To get the cybersecurity conversation started with SMB organizations, you’re going to need to be effective in properly educating your target audience on cybersecurity. This is best delivered in a story-telling fashion that includes:

  • Situation: What is the state of cybersecurity as it pertains to SMBs?
  • Impact: What bearing does this have on SMBs?
  • Resolution: What is the key to solving the business challenge?

This story can be supported with survey statistics and reports underscoring the importance of cybersecurity to their business.

A word of warning, however. Do not spend too much effort on this point. Cybersecurity is a hot topic as it is. There is no shortage of data breach headlines, news stories, industry reports, and associations. There are plenty of opportunities for your audience to get the message, and too much reliance on fear, uncertainty, and doubt could make your audience skeptical. If a laggard business just doesn’t see the value of cybersecurity yet, move on. There are plenty that do.

2. Be Relevant

Keep your audience’s cybersecurity maturity level in mind. A typical SMB is not going to be aware of, nor impressed by, the technology under the hood. In fact, if your message relies on the assumption that the SMB audience knows about SIEM (Security Information and Event Management), ETDR (Endpoint Threat Detection and Response), SOC (Security Operations Center), SOA (Security Orchestration and Automation), or even Machine Learning or Artificial Intelligence, you’re going to have a hard time getting interest or acceptance.

While it is certainly important to prove your solution with technical specs, this message should be secondary to the outcomes and benefits the SMB will realize from your solution.

3. Be Strategic

Keep your audience’s motivations in mind. Ask yourself, what is most important to them? Be sure to speak about cybersecurity in terms that have the greatest impact on the SMB’s priorities and business. For your current customer base, this may mean presenting a business case for greater cybersecurity by acknowledging their business’ most important strategic efforts and explaining how cybersecurity ensures their success.

For instance, you may find a restaurant customer of yours that is focused on digital transformation by migrating to a table-top point-of-sale (POS) system, wants to provide guest Wi-Fi, wants to enhance their loyalty program, and is considering a digital menu system. Just imagine the security risks these could open up, or how much more the business will rely on network security, resilience, and continuity.

Arm your buyer with the information necessary to connect your cybersecurity solutions to the success of their primary business initiatives.

4. Be Practical

Cybersecurity is complex and continually shifting. Your SMB buyer may have a hard time grasping the fact there is no silver bullet solution, nor is it a “set it and forget it” deal. Coming to the realization that effective cybersecurity is going to require a multi-layer fusion of platform, people, and process may be overwhelming.

Meet them where they are and offer a “crawl, walk, run” phased approach to get them where they need to be. The Cybersecurity Maturity Model from EventTracker is a great framework to help your buyer:

  1. Realize where they are today.
  2. Understand where they need to be.
  3. Agree on an approach to get them there in a practical timeline that ensures success along the way.

Cybersecurity Maturity Model

5. Be Measurable

Effective cybersecurity prevents attacks, detects potential threats, and reduces breach impact. You’ll have opportunities to measure the value your cybersecurity solution delivers. Be sure to:

  • Call to attention the metrics of real data breaches that have impacted similar businesses.
  • Conduct monthly and/or quarterly security reviews with executive summaries.
  • Maintain a regular cadence to keep your cybersecurity roadmap moving forward.
  • Demonstrate the value of managed security with this Total Cost of Ownership calculator. This can simply be a custom spreadsheet, but the goal is to illustrate the value of not having to own hardware, software, and staffing overhead.

This five-point strategy will keep your sales and marketing grounded. Now it’s up to you to know your target audience and apply this strategy to the tactics that are most relevant to your MSP business.


Continue Your Security Sales Education:

Download Cyber Security Sales Success Kit 2018