{"id":54845,"date":"2022-10-11T18:26:27","date_gmt":"2022-10-11T14:26:27","guid":{"rendered":"https:\/\/www.msp360.com\/resources\/?p=54845"},"modified":"2024-08-14T12:18:04","modified_gmt":"2024-08-14T08:18:04","slug":"3-reasons-why-selling-cybersecurity-to-the-smb-is-a-challenge-and-what-to-do-about-it","status":"publish","type":"post","link":"https:\/\/www.msp360.com\/resources\/blog\/3-reasons-why-selling-cybersecurity-to-the-smb-is-a-challenge-and-what-to-do-about-it\/","title":{"rendered":"Why Selling Cybersecurity to the SMB is still a Challenge"},"content":{"rendered":"

As MSPs look for ways to get through to SMBs that aren\u2019t seeing the need for cybersecurity services, the answer lies in shifting the conversation away from technology.<\/p>\n

Remember when backup services first became a thing and MSPs grabbed onto the service, only to have customers tell you that it sounds like an over-glorified insurance policy? Well, trying to sell SMB customers cybersecurity services has a bit of that same feeling, doesn\u2019t it? Even though we\u2019re about 5-6 years into cyberattacks truly being a daily occurrence and an everyday topic, there\u2019s still this persistent disbelief that it\u2019s a problem that the SMB needs you to solve for them.<\/p>\n

But why is that?<\/p>\n

As you attempt to sell cybersecurity services, there are three reasons \u2013 that likely all play a role \u2013 why you aren\u2019t seeing the acceptance and adoption of this new service you\u2019re offering.<\/p>\n

Reason 1: The SMB Still Doesn\u2019t Think They\u2019re at Risk<\/h2>\n

You\u2019ve likely heard it before: \u201cThat\u2019s a problem for larger businesses.\u201d Because of the limited revenues SMBs bring in, it makes sense that they think the bad guys are focused on the \u201cwhale\u201d organizations with supposed deep pockets. But this just isn\u2019t the case. According to the Webroot BrightCloud Threat Report<\/a>, just over one-third (34%) of businesses with 21-100 employees have experienced malware infections as a result of cyberattacks, with an average of 9 infections! That same report points out that 82% of ransomware attacks targeted businesses with fewer than 1,000 employees, with 44% of attacks targeting businesses with fewer than 100 employees.<\/p>\n

In short, the SMB is most definitely a target! (They just don\u2019t know it!)<\/p>\n

Overcoming the Challenge<\/h3>\n

This may be a longer-term play, but the answer lies in educating the customer on what the state of cyberattacks looks like, who is being targeted, the ways cyberattacks occur, and what they should be doing about it. This can be implemented as a series of blogs, webinars, podcasts, etc. It definitely isn\u2019t something you\u2019re going to be able to just tell a prospective customer once and have them a) believe you and b) be ready to sign up for your cybersecurity service. So, begin to think about how you can best create (or curate) content that educates your customer. A decent strategy might be to use a tool like Scoop.it<\/a> \u2013 a curation platform where you can specify search terms and websites to watch that provides you with an easy way to grab blog posts and create your own blog quickly.<\/p>\n

\n
\n
FREE WHITEPAPER<\/div>\n
The Value of Backup in Ransomware Protection Strategy<\/div>\n
What your ransomware protection strategy should look like? Learn in this whitepaper:<\/div>\n\"CTA\"<\/a><\/span><\/span>\n<\/div>\n
\"Ransomware<\/div>\n<\/div>\n

Reason 2: They Don\u2019t See the Value<\/h2>\n

Enterprises get the fact that it will cost them a ton should they become the victim of a cyberattack. There are countless examples in the news, as well as reports that focus on the repercussions that enterprises are facing, and the risk alone is enough to get an enterprise business\u2019s attention. However, the SMB is trying to keep the lights on, pay the bills, and make a little profit \u2013 so they likely see a ton more risk in just keeping the business going and are less concerned about the threat of a cyberattack.<\/p>\n

This means that cybersecurity has little value to them, as it isn\u2019t mitigating any business risk.<\/p>\n

But, according to the CyberCatch Small and Medium-Sized Businesses Ransomware Report<\/a>, three-quarters of SMB customers\u2019 businesses wouldn\u2019t survive more than 7 days after a ransomware attack. Being out of business a week from now is a significantly larger risk than anything your customer is currently concerned about. The trick is to get them to understand just how much business risk we are talking about.<\/p>\n

Overcoming the Challenge<\/h3>\n

As with the first challenge, this one comes down to education as well \u2013 but an education that will likely not take anywhere near as long. Once you have a prospect who understands that the threat of cyberattacks is a reality, the education they need is to understand what the impact will be on their business should they succumb to an attack, how it will affect their ability to operate, how long recovery will take (assuming you\u2019re already offering backup and recovery services to them), and what it will cost them in practical terms.<\/p>\n

Use of customer anecdotes (leaving names out of it, of course), projections based on what data protection they have in place, as well as industry data \u2013 all presented through the lens of \u201cwhat\u2019s at risk\u201d from a business perspective \u2013 is what it\u2019s going to take to get them to see the value.<\/p>\n

Reason 3: You\u2019re Having the Wrong Conversation with Your Customer<\/h2>\n

Most MSPs started as one or two IT pros deciding to do it on their own, where talking tech with a customer was pretty much second nature. Hopefully, you\u2019ve learned that your customer doesn\u2019t care one bit about the tech being used; they care about how it keeps them operational, how it helps them grow, and how it makes them profitable.<\/p>\n

So, if you come in guns blazing, telling your customer \u201cyou need cybersecurity\u201d, telling them all about the layered defense strategy you employ, their eyes are going to roll into the back of their head. Don\u2019t talk about technology with them \u2013 that\u2019s the wrong conversation to be having. All your conversations about new services (cybersecurity included) should start with the customer\u2019s pain and your ability to take that pain away.<\/p>\n

Overcoming the Challenge<\/h3>\n

Begin the conversation by talking about operations, the business, what aspects are critical, etc. (and, if you\u2019re already providing disaster recovery services, focus in on the protected workloads from a business standpoint). Ask your customer how impactful it would be if workloads were inaccessible, employees couldn\u2019t work, and if they had to spend cycles and money dealing with a data breach or ransomware attack. In short, what if they couldn\u2019t operate? Then ask how long they could sustain the business (likely measured in days) before it became truly catastrophic. Then talk about the value cybersecurity services offer, perhaps citing what percentage of attacks are stopped by the solutions you employ (no doubt well above 99-point-something percent) to protect them and prevent cyberattacks from taking shape.<\/p>\n

\n
\n

\"WP<\/p>\n\"CTA\"<\/a><\/span><\/span>\n<\/div>\n

\n
The MSP\u2019s Response Guide to a Ransomware Attack<\/div>\n
\n

Read our free guide to learn about:<\/p>\n

    \n
  • Common MSP vulnerabilities;<\/li>\n
  • How to prepare for a ransomware attack to keep your clients safe;<\/li>\n
  • Which actions response to a ransomware attack should involve;<\/li>\n
  • How to manage clients while handling an attack.<\/li>\n<\/ul>\n<\/div>\n<\/div>\n<\/div>\n

    Notice that nowhere in the conversation are you discussing tech, where solutions are deployed, how it works, etc. It\u2019s purely a business conversation. It\u2019s no different from if you were selling a machine that would replace a customer\u2019s manual process \u2013 you\u2019d ask how much it costs to perform the process manually, what kinds of errors occur (and their impact), and then discuss how your solution provides the customer with the outcome they want (a more productive and cost-efficient way to perform the process). You wouldn\u2019t lead with how the machine offers these features and those capabilities; you\u2019d just talk about how it takes away the customer\u2019s pain. Do the same thing but talk about the pain that cyberattacks will eventually bring to the customer and how they can prevent that from ever happening.<\/p>\n

    \u201cSelling\u201d Cybersecurity<\/h2>\n

    By now, you should realize that you\u2019re not going to sell cybersecurity at all; in fact, you\u2019re selling uptime, resilience, operational availability, productivity, and profitability \u2013 all in the face of a cyberattacker who seeks the exact opposite. So, realize you\u2019re in the business of keeping your customer in business, and modify your sales strategy to educate them on how a cyberattack would affect their business, how cybersecurity mitigates the risk, and the impact your services will have on keeping the customer operational.<\/p>\n","protected":false},"excerpt":{"rendered":"

    As MSPs look for ways to get through to SMBs that aren\u2019t seeing the need for cybersecurity services, the answer lies in shifting the conversation away from technology.<\/p>\n","protected":false},"author":85,"featured_media":54847,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[877,885],"tags":[],"class_list":["post-54845","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-articles","category-other"],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/54845","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/users\/85"}],"replies":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/comments?post=54845"}],"version-history":[{"count":4,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/54845\/revisions"}],"predecessor-version":[{"id":58332,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/posts\/54845\/revisions\/58332"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/media\/54847"}],"wp:attachment":[{"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/media?parent=54845"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/categories?post=54845"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.msp360.com\/resources\/wp-json\/wp\/v2\/tags?post=54845"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}