MSP Blog Logo


Business Growth


Help Desk



Sales & Marketing


Empowering Your MSP Business to Grow and Prosper—One Post at a Time


Featured Post

The Ultimate Guide to Success in Managed IT Services

What are the fundamentals to building a profitable managed IT services business? Keep reading to discover the four key ingredients for success.

Read Now

5 Tips for MSPs Selling Security Awareness Training

Posted May 22, 2018by George Anderson

5 Tips for MSPs Selling Security Awareness Training

In the past year, global ransomware debilitated entire sectors of some countries’ economies. Equifax was breached, exposing more than 140 million records. Yahoo owned up to losing control of 3 million users’ data. So, it’s no surprise that the cost of cybercrime has steadily risen each year for the past two years, to an average cost of $11.7 million per business.

According to the research firm Gartner, untrained users click 90 percent of links within emails from addresses outside the enterprise, resulting in 10,000 malware infections. By their calculations, the infections led to an overall productivity loss of 15,000 hours per year, which, at a cost of 15,000 times $85 (average wage), equals $1,275,000 in losses.  Verizon's annual Data Breach Investigation Report backs up Gartner's findings, pinning 90 percent of successful network breaches on users taking the bait in phishing attacks. 

But cybercrime and its associated costs can be reduced when end users are trained to be their employers’ first line of defense. Security awareness training results in reduced risk, businesses that are better protected against breaches, and more profitable MSPs.

Beyond the fast facts cited above, here are some tips for selling security awareness training as an add-on service to clients, helping you expand your business and widen margins.

1. Sell Outcomes, Not Products

Though cybersecurity is a hot issue in business today, many small- and medium-sized organizations don’t invest in security until it’s too late. What’s more, they tend to focus on security technologies and underestimate the power of the “human firewall.” Most security breaches are the result of human error, and security awareness training can be the single most impactful practice for decreasing this risk. MSPs selling the reduced-infection outcome should start with security awareness training as the best defense against threats.

2. Be the Key to Compliance

In many sectors, security awareness training isn’t just smart business. It’s required by law. Financial services, healthcare, energy, and others require end user education on at least an annual basis. Depending on the industry, organizations face stiff fines for neglecting compliance training. Plus, with the General Data Protection Regulation (GDPR) act coming into effect this week, security awareness training will be necessary for compliance for all companies holding data in the European Union. For these prospects, security awareness training may be an imperative, not an option.

3. Prove the Need with Phishing Simulations

Phishing attacks are the number one cause of data breaches worldwide, and 1.4 million new phishing sites appear each month. This stat becomes even more alarming when you consider how large a percentage of employees fail their company’s first phishing simulation. In fact, failure rates are typically around 18 percent, but this number can be significantly reduced through training. By offering free phishing simulations, the value of security awareness training becomes abundantly clear to prospects, with practically no cost to you.

4. Know the Business Model

Many MSPs offer security awareness training as an add-on paid service, since the proven value of security awareness as an additional layer of defense against breaches is so high. Others are including end user education as a standard component of their bundled security offerings, alongside endpoint security and patching services. With this pricing model, MSPs calculate that the savings from dealing with fewer incidents and service calls after customers have begun leveraging training courses and phishing simulations can actually improve the profitability of their offerings. In either model, both MSPs and their customers win.

5. Nurture Customers and Prospects

For prospects and customers who haven’t adopted security awareness training, place them into lead-nurture programs that provide steady alerts on the latest threats, and reinforce the value of training to combat them. Email drip campaigns and newsletters are ideal materials that keep your business top-of-mind for when prospects are ready to commit to an overarching cybersecurity strategy.


Handpicked for you:


George has spent the past 18 years in the IT Security industry. Initially in Business Development, Strategic Alliances and Marketing roles for Computacenter, Europe’s leading systems integrator. Then as Global Product Marketing lead for Clearswift and for the past 8 years he’s been with Webroot in Product Marketing where he is the Product Marketing Director for their Business division, covering Endpoint, Mobile, DNS Protection and Security Awareness Training. Prior to this, he worked in the Advertising and Direct Marketing industry where he held senior executive roles at Ogilvy & Mather Direct, McCann-Erickson Direct and other leading Agencies.

Topics: Cyber Security

RMM 101: Must-Haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus