MSP Cyber Solution Playbook
Using customer trust to bundle and sell more cyber with the CANT Cyber Sales Method. Preparation based cyber-sales objection handling that works.
Also includes:
- Six (6) illustrated Service Descriptions
- Cyber Solution Reference
Bonus: CANT Cyber Sales Method Poster (8.5" x 11")
MSP Cyber Solution Playbook
Using customer trust to bundle and sell more cyber with the CANT Cyber Sales Method. Preparation based cyber-sales objection handling that works.
Also includes:
- Six (6) illustrated Service Descriptions
- Cyber Solution Reference
Bonus: CANT Cyber Sales Method Poster (8.5" x 11")
MSP Cyber Solution Playbook
Using customer trust to bundle and sell more cyber with the CANT Cyber Sales Method. Preparation based cyber-sales objection handling that works.
Also includes:
- Six (6) illustrated Service Descriptions
- Cyber Solution Reference
Bonus: CANT Cyber Sales Method Poster (8.5" x 11")
Educate your customers about your cyber offering
Your customer has probably already made a choice, but it’s important the customer knows how their choice relates to your offerings.
Early security conversations with a customer should be focused on establishing your company as a security brand. The offering details are not important (and counterproductive) if they are not feeling the type of urgency or need that stimulates security investment.
As part of the risk disclosure, you’ve made a recommendation.
Following the sample risk acceptance form is an example offering sheet you might provide a customer who is not ready for advanced cyber now (but might be in the future). This briefly explains the recommendation.
Unless the customer asks for a dedicated briefing on your advanced security tier (or have a cybersecurity urgency), stop here.
Sample “Choice” pillar security acceptance form
|
Reference MSP Cyber Risk Disclosure Form |
|
|
Company Name ________________________________ Availability My company will be significantly impacted by extended periods of “Downtime” No significant business impactSignificant business impact My company will be significantly impacted by “Data Loss” No significant business impact Confidentiality My company will be significantly impacted by improper disclosure or a “Data Breach” No significant business impactSignificant loss of public confidence (reputation impact) |
# MSP Managed User _________________ # MSP Managed Devices ______________ Sensitivity of data The data environment in my business Mostly limited to employee and financial information A failure in my organization’s security can cause significant harm to public welfare No public harm is possibleSignificant public harm is possible
|
Based on the information provided, Reference MSP recommends: Basic Security BundleAdvanced Security Bundle Added Network Monitoring Other special security service(s) _________________________________________________________________ The above disclosures are true and correct to the best of my knowledge. I understand no commercially reasonable security can eliminate 100% of residual cyber risk, and following industry standard cybersecurity standards is the best way to reduce risk. I understand Reference MSP has made risk management recommendations based on standard practices, and failure to adequately invest in cybersecurity will expose me to additional residual risk. I accept all residual cyber risk: Signed: __________________________________ Print Name: __________________________________ Date: _______________________ |
|
A note about “Backup” waivers
Some MSPs ask their customers to sign waivers that they are not responsible for data loss if the customer chooses not to implement an optional backup strategy the MSP thinks is a good idea.
A customer resistant to buying backups will frequently be converted by the clear waiver and signature requirement. After all, if there’s a loss, they can no longer blame you.
If you do this for backups, consider issuing this for cybersecurity at the same time.
Example “Choice” pillar security offering one-page glossy
Reference MSP Cyber Offerings |
|
| Basic Security | |
|
Price Per user per month (but per device is also an option) |
$0 You include good security value for every customer. |
| What it includes |
A set of basic customer practices. This can simply formalize what you already do for all your customers.
|
| When to choose | Customers looking for good protections against cyber threats. |
| Advanced Security | |
|
Price Per user per month (but per device is also an option) |
$30-75/user/month You price cyber as an add-on to standard technology support. |
| What it includes |
A set of advanced customer practices
|
| When to choose |
Customers looking for better protection that eliminates most cyber risks or customers that:
|
| Advanced Add-on | |
|
Price Per user per month (but per device is also an option) |
Additional “Best” Upgrades as needed. Advanced Add-ons require Advanced core.
|
| What it includes | |
| When to choose | |
Affirm their choice (they are the buyer), don’t forget to finish preparation
Remember: You will not succeed unless your customer has a security imperative or urgency.
Affirm your customer’s choice not to invest more in cyber. It’s important to validate their risk decision.
You cannot rush the customer’s investment, but you can frame the conversion point by reminding them what their choice not to invest means:
- Security incidents may not be considered an emergency by the MSP, unless the customer has selected Advanced Security.
- On basic tier, security incidents have the same SLA as other non-security issues
- They can upgrade at any time
- You think your basic security is pretty good, but you can’t support any due diligence effort or provide documentation or certification.
- The centerpiece of your advanced tier is risk management and cyber assurance, and you really can’t provide that to them unless they’re assigning dedicated security resources
- If they upgrade, you can turn this around very quickly. It may take time to get all the protections in place, but an attestation that the customer has committed to a specific security roadmap is powerful and you can issue point-in-time attestations as soon as they sign.
- Help them recognize circumstances they might see in the future that would indicate they need to upgrade
Recognizing the Call To Action (Moment of Security Urgency)
The above resistance points are difficult to overcome quickly. In fact, it is commonly accepted (or decried) in the security industry that organizations simply don’t care until they do (when it’s often too late).
Circular logic may not sound helpful, but it’s a recognition of the fact that an outside force is needed to push a customer into an investment. While there are nearly universal resistance forces working against a security sale, moments of urgency are equally universal.
To successfully capture the moment of urgency, it must be recognized, and the recognition needs to begin with the customer (they need to tell you it’s happening).
Help your customer by explaining likely situations that may mean they need to rethink their cyber risk acceptance.
CANT: The “Timing” PillarMoments of security urgency are moments of security investment |
|||
|
|
Due Diligence |
Security Incident |
Regulatory Pressure |
|
Common Example |
Sales objection over cyber credibility or customer’s vendor requirements |
An impacting security breach that led to lost business or dollars |
Need to be perceived as regulatory compliant |
|
Less Common Example |
Non-customer stakeholder seeks cyber credibility over potential partnership or transaction |
A non-impacting security incident that created a wake-up call |
Actual pressure from a government regulator |
Understand your customer. Ask them what types of cyber pressures they think they may face in the future and when. Give them some examples of situations that are likely. Keep these in your customer notes and ask about them in business reviews.
Your customer will remember frequently discussed security pressures and recognize them when they occur.
When your customer tells you the moment has arrived, remind them that you’ve already game-planned the potential response.
It’s now time to initiate the hard sell.
MSP Cyber Solution Playbook
Using customer trust to bundle and sell more cyber with the CANT Cyber Sales Method. Preparation based cyber-sales objection handling that works.
Also includes:
- Six (6) illustrated Service Descriptions
- Cyber Solution Reference
Bonus: CANT Cyber Sales Method Poster (8.5" x 11")
Responding to the Call
The situation you should not be in
If you have not prepared for responding to the call, here’s the most likely scenario (is this familiar?)
- Your customer calls you with an emergency security situation (see table above)
- You drop whatever you are doing and respond to their issue immediately, but tell them that they are underinvested in cyber. The customer agrees and asks for options, but ultimately they’ve only got eyes for the fire in front of them.
- In a day or three you respond with pricing on a MFA hygiene agent, some EDR wizardry, a vSOC or XDR option, and of course they can start scheduling some vCISO time focused around holes they need to fill so they can prepare for an audit from a cyber shop you’re happy to introduce them to later
- Your customer graciously acknowledges the proposal or ignores it. When you ask for a decision your customer tells you they can’t really afford it after all.
What went wrong?
- Not only is your emergency response unnecessary (if the customer was better secured, there would be no emergency), you’ve got a low probability of actually satisfying the customer. Even if you scramble, nothing you create or fix in a few minutes is going to make up for a breach that has already happened, the lack of a documented security architecture, or a misalignment with industry regulations.
- Your customer’s moment of urgency was either (a) not resolved with an ideal outcome, (b) entirely preventable, or (c) not successfully converted into a service upgrade.
The mindset of a prepared customer
If you’ve done your job before your customer reached their moment of urgency, these are already facts they know:
CANT in actionIngredients of successful preparation based security sales |
|
|
Before the moment of urgency you have: |
What this means now (customer viewpoint fact): |
|
Established yourself as a security vendor by showing the customer their current security |
You are the default security vendor. |
|
Mentioned you have an advanced security offering |
You get the first call when the customer decides to shop |
|
Forced the customer to disclose risk and choose |
The customer knows they are in control of the security dial |
|
Affirmed the customer’s choice of “good” security |
Your offer feels strategic rather than opportunistic. You are both cost effective and credible. |
|
Introduced your advanced security package, but held back on details |
Your customer knows you already have the plan cooked (not much thought required). |
|
Described the moment of urgency to them |
Your prediction was prescient, thus your insights and previous recommendations have value. |
Capturing the Moment
The moment of urgency arrives. You’ve already prepared the customer, right?
If you’ve already prepared the customer, they probably realize their first words to you should be “I’m ready for an upgrade, so how fast can you do it?”
It’s possible your prep script still needs a little bit of work, or they’ve disassociated your preparation from their current situation. Remind them about your advanced offering and tell them you’re happy to continue trying to help them, but their basic tier does limit what you can and can’t do.
This is when you offer the advanced security briefing. Be clear, they need the advanced tier to obtain advanced security value. You can’t break the bundle because you only have normalized service tiers.
This should happen during the moment of urgency. If you wait until the customer’s problem has been resolved, security will suddenly seem too expensive (they didn’t need it, right?)
Before we discuss the briefing, let’s talk about how you can accomplish the simple service offerings above.
|
CANT Visual Summary Level-up your Cyber Sales with Pillars of CANT |
|
|
|
Trust Choice Timing |
What should I expect from my customers over time?Data show most customers are willing to pay more, but moments of urgency are not operated by clockwork gears. You know your strategy is succeeding when a substantial number of customers opt-in to “better” security.
|
|
.png?width=250&name=Cyber%20Sales%20with%20Pillars%20of%20CANT%20(2).png)
MSP Cyber Solution Playbook
Using customer trust to bundle and sell more cyber with the CANT Cyber Sales Method. Preparation based cyber-sales objection handling that works.
Also includes:
- Six (6) illustrated Service Descriptions
- Cyber Solution Reference
Bonus: CANT Cyber Sales Method Poster (8.5" x 11")
MSP Cyber Solution Playbook
Using customer trust to bundle and sell more cyber with the CANT Cyber Sales Method. Preparation based cyber-sales objection handling that works.
Also includes:
- Six (6) illustrated Service Descriptions
- Cyber Solution Reference
Bonus: CANT Cyber Sales Method Poster (8.5" x 11")
Schedule Now
Demo & Test Drive
Learn how our best practice cyber risk tools reduce the most risk with the fewest actions
