Podcast featuring Jennifer Bleam
There are several reasons why IT professionals struggle to sell cybersecurity. Sometimes there is a mistaken belief that business owners don’t really need “that much” protection. And if someone tries to sell something that the prospect doesn’t really need, you’ll feel sleazy. This is particularly true when an MSP hasn’t been through a security incident themselves or helped a client resolve an attack.
Sometimes, my clients are just uncomfortable selling this because they don’t have much practice. They have a lot of experience with selling managed services, selling managed backup, even selling co-managed or staff augmentation, but selling cybersecurity is new. And, anytime there’s something that is new, there is this unease.
If you prefer to listen to the full interview, check out the podcast below.
So sometimes my clients equate this general discomfort or uneasiness with “unethical” or “sleazy.” In reality, they’re uncomfortable because they've never done it before. They don't have a ton of experience doing it. So that's, that's where this discomfort comes from. It's just a lack of experience, a lack of muscle memory.
Something else I preach to my clients is that we must always answer, “What’s in it for me,” from the perspective of the user.” If the user can’t understand why they need cybersecurity; if the user has never experienced a breach; if they want increased productivity or ROI – then they aren’t primed for a cybersecurity sale. So you must “prime the pump” for your prospect by helping them understand the value of cybersecurity.
So, cybersecurity sales is a risk-mitigation sale, which is different from what most MSPs are used to selling. While our clients see the same headlines as we do, they’re somehow oblivious to the danger. Their brains filter it out. Once you’ve told them often enough that they’re at risk (hello…marketing…) your community will begin to tune in to ransomware attacks, lost data, and breaches – and they’ll realize their need for better security. They’re realize that you were telling the truth when you encouraged them to get serious about protecting their data and mitigating their risk. But until they’re aware, they will be skeptical. Your job is to wake them up.