The question of the hour among managed IT services providers is: How do you successfully incorporate cyber security into your existing pricing structure? Below, I've outlined two solid options for you to consider.
Whichever you choose, make sure it fits with what you already offer to existing clients, and make it appealing to new clients so they pick you as their IT support partner.
Make Pricing About Clients' Needs
Regardless of the specific pricing modality you select, whether it’s pricing by the number of users or devices, it’s important to understand, and to even influence, your clients’ perception of the protection they need.
With cyber security at the forefront of the news, many owners will view a package that protects their data, enables a fast disaster recovery response and gets them up and running in the event of an attack, as a worthwhile investment.
Being able to restore data from an attack quickly can be the difference between business as usual or a company being unable to provide their own clients with services, which impacts profits and brand reputation.
When you offer needs-based pricing, you build a package that supports the client’s business as it is now and it allows you to add protection services as their business grows and as threats to them evolve.
In addition to positioning cyber security around requirements, offering pricing in tiers, where each level adds a deeper protective layer, is easy for clients to wrap their heads around.
For example, on NSI’s cyber security page, we include Webroot’s Security Awareness Training with all managed services packages, whereas larger companies, since they’re bigger targets and have some compliance requirements, would add SIEM services and SOC support.
Clients should feel that the cyber protection is relevant, so give them the context they need and set yourself up for success.
Per User Pricing
Pricing your services by the number of users a company has is often a popular choice for the client. If employees access work-related information on just one or two nodes, paying for cyber security for each employee can be reasonable option.
If you choose to price this way, calculate your fixed cost so that the price is both fair to the client and profitable for you. It should be easy to find out exactly how many users there will be, and include a clause so that you can add or remove users whenever there’s a change in personnel and a limit to the number or types of devices permitted.
The advantage of this approach to billing is that it’s easy to calculate and you will know exactly what revenue you’ll get from each client every month. The downside is that it doesn’t give much room to scale.
You’re relying on the client’s business to grow and to employ more staff, so they have more users in need of support. However, it also means that while more users increases the cost to the client, the level of support you offer is the same.
When you come to set your price, factor in things such as storage, particularly if you use a third party service, and if you’re going to give users unlimited nodes or if you’ll cap them. You might also want to check if multiple users are accessing the same device.
Per Device Pricing
Offering cyber protection per device allows you to scale protective services in ways that makes practical sense to most MSPs and clients alike.
Of course, you’ll need to know exactly how many devices there are within the organization, and consider the level of support that each device requires to arrive at a price – smartphones, workstations and servers will each have different requirements.
Many users access their work on a range of devices, so you need to know exactly what they’re using. It should also be easy for you to adjust the pricing as devices are added or removed by the company.
Continuum’s Fortify for Protection makes this approach much easier to set up.
Remember, cyber security is especially important for companies who support BYOD. Establish exactly who has access to each device within the organization, and what data they can see.
Discuss with the client the possibility of adding extra protection to any device that leaves the premises, setting up restrictions to certain websites and increasing email security.
By implementing these types of pricing strategies, your services will remain tailored to your client's best interest, as well as your business'. Your expertise and support are the biggest draws for people investing in managed IT services—and with the right pricing model, you'll be able to showcase your true selling points.
By Lily Teplow
By Brian Downey