How to (and How Not to) Sell Managed Cybersecurity: 10 Key Do’s and Don’ts


how to sell cybersecurity

Selling managed cybersecurity is one of your biggest opportunities to add to your profits and improve your margins. But how do you put together and pitch an irresistible offering?

October doesn’t just bring cooler weather, Q4, and Halloween, it’s also National Cybersecurity Awareness Month — the only month all year long any of us are allowed to talk about cybersecurity.

I’m joking, of course. The reality is cybersecurity is a constant point of discussion these days. Each week brings new incidents that make headlines and put it right back into focus. To say it’s top-of-mind all year round is an understatement, and from an IT services perspective, it continues to be a killer conversation starter. As OITVoIP‘s Sean Lardo put it during our recent MSP Live Chat, “I feel like cybersecurity is the sexiest thing ever.” 

You’ve likely heard all this before. “Selling managed cybersecurity is your biggest growth opportunity” has been the storyline for years now. But if you’re just getting started, or if you haven’t quite cracked how to take advantage with a dedicated security offering, don’t worry — you haven’t missed the boat quite yet.

To help you get going and avoid some common mistakes, I wanted to share 10 fantastic do’s and don’ts pulled from our Live Chat with Sean and our other special guest Jennifer Bleam, owner of MSP Sales Revolution.

We asked them a lightning round of questions ranging from how to package, price, and position your security stack to what messaging tactics to use and to avoid. You can watch the (not-so) lightning round play out in the video below. Or, if you’re short on time (as I said, it’s a not-so lightning round), then scroll right down to the list of 10 do’s and don’ts below.

10 key do’s and don’ts to help you sell managed cybersecurity more effectively

1) DO have a separate cybersecurity offering

    • Jennifer Bleam: “Yes, because it’s something you’re going to stack on top for your existing clients. For new clients, it’s not separate. It’s included.”
    • Sean Lardo:Yes, you should. Simply because it’s an upsell, an add-on to existing, and it’s almost standalone, too.”
    • Bottom Line: Cybersecurity should be an add-on for existing clients and included in your standard, all-in offering for new clients. 

2) DO sell all clients the same security

    • Jennifer Bleam:Yes, but if you are selling incident response or compliance, only sell that to the clients that need it. Otherwise, yes, one stack for everybody. It’s like the ring. One ring to rule them to all, one stack to rule them all.”
    • Sean Lardo:Yeah, why wouldn’t you? I mean, just on multiple levels. One is, as Jennifer said earlier about selling [a service offering you’d feel comfortable selling] to your sister. Sell that level of security so they’re protected, because you don’t want people giving you bad reputation, bad scores. Your reputation is everything. And also, it puts you back to the cookie-cutter process. Once you agree on this, it makes it easier for your sales rep to go and talk to [prospects]. You know what you’re doing with them. It’s like selling oil changes.”
    • Bottom Line: You may have outliers, but try to sell the same security stack to all your clients, built with their needs in mind. This makes sales training and messaging easier for sales staff at your MSP.  

3) DON’T let clients refuse security offerings

    • Jennifer Bleam:Nope. Don’t do it”
    • Sean Lardo: “NO.”
    • Bottom Line: When your business reputation is one the line it’s important to make sure that clients cannot refuse security services. If they are able to refuse for any reason, make sure you have that opt-out recorded with a signature. This will help protect your business in the case of a breach on a business that refused cybersecurity services.  

4) DON’T say you can help clients be “unbreachable”

    • Jennifer Bleam:Oh, please no. Don’t do that.”
    • Sean Lardo:I would agree. You can’t see it. Just like, my doctors can’t say, “I’m going to make you 100% ready to go.” You know, there are disclaimers — if you take this medication, you have all these side effects — the same rules apply.”
    • Bottom Line: Very simple, let’s not make promises that we can’t keep, especially when it comes to things like cyberattacks. What you can promise are efforts, not results. 

5) DON’T get too caught up in calling yourself an MSSP

    • Jennifer Bleam: I don’t think it matters, so don’t. I don’t think your clients care. I don’t think they even know what an MSP is.”
    • Sean Lardo:Last week we were at ASCII in Jersey. And I met Lawrence Taylor, the greatest NFL player in history of defensive players, right? And he’s sitting there smoking a cigar. I come out with all these MSPs I’m with, and he says, “What do you guys do?” Five MSPs said, “We’re MSPs…” and then tried to explain what that really meant. After 10 minutes, Lawrence Taylor said, “What the bleep are you talking about?” So, you can add 25 S’s onto your name. The fact of the matter, is [for most clients] it doesn’t matter. Just call yourself computer fix-it guy or gal. That’s probably better.”
    • Bottom Line: While some clients are looking for specialized services and expertise (including SOC services and others), the truth is the majority are likely not going to understand or appreciate the difference between “MSP” and “MSSP,” so focus less on the letters and more on the security. 

6) DO use fear, uncertainty, and doubt (FUD) in your sales/marketing messaging — but thoughtfully

    • Jennifer Bleam: It’s not fear-mongering, it’s fear, uncertainty, and doubt. And that is the reality. If you study human psychology at all, fear, uncertainty, and doubt is a much bigger motivator and a much better motivator. It generates more emotion, which you need in order to make a sale more than rainbows, puppies, and kittens. So should you use fear, uncertainty, and doubt in your selling? Only if you want a higher chance of closing the deal.”
    • Sean Lardo:Well, it sounds like doom and gloom when you say it that way, but yeah, you do have to. Jennifer, you said it — stuff can happen. And they should at least understand what the potential loss is [if it does]. If I didn’t have home insurance and my house burned down, guess what? I would be stuck. It’s important that I understand what my options are, what my limitations are, what my losses are. So, you absolutely need to educate somebody on what the problem is.”
    • Bottom Line: More often than not, being sensational and trying to scare your way to a sale is NOT going to work. That said, clients do need to know what their risks are, and they shouldn’t be sugarcoated. 

7) DO bring up advanced attacks and threat actors

    • Jennifer Bleam:Yes. [Advanced attack groups are] a clear and present danger.”
    • Sean Lardo:Educate them on what exists, because it does exist, right?”
    • Bottom Line: Avoid playing alphabet soup with confusing names and acronyms, but do let owners know what everyday small businesses are up against in our globalized, interconnected world and with the increasingly industrialized cyber crime ecosystem. 

8) DO talk about the competition

    • Jennifer Bleam:I would say yes, you can absolutely talk about your competitors.”
    • Sean Lardo:Why wouldn’t you? I mean, it’s not like you can hide it. The fact of the matter is everybody can Google.”
    • Bottom Line: Throwing mud is a surefire way to lose a sale, but that doesn’t mean you can’t address your competitors directly when prospects bring them up. Be fair, cite strengths or focus areas, but then put the focus back on what you specialize in and what you do best.  

9) DO take advantage of Cybersecurity Awareness Month

    • Jennifer Bleam: Yes, but you’re going to be noise. So, do it because you have to, but then when we get to November 1st, please don’t stop marketing just because it’s not the month anymore.”
    • Sean Lardo:You never stop marketing, just like you never stop closing. Try to put yourself in a position that you stand out, though.”
    • Bottom Line: While you certainly won’t be alone, the fact is Cybersecurity Awareness Month is a great opportunity to get your name out there, position yourself as a security resource, and drive business discussions. It’s not too late to get started, either. Check out these 15 free social media templates you can quickly customize and start putting to use right now.

10) DON’T let the day-to-day grind hold you back from devoting time to developing your offering and growing your business 

    • Jennifer Bleam:If you’re not selling cybersecurity yet, then clients [may buy it from someone else]. You don’t offer it, there’s no revenue opportunity there for you.”
    • Sean Lardo:I noticed a lot of MSPs struggle when they are technology people at heart, and that’s what they got into it for, they love it, and they’re very good at it. They’re good at customer service and support. It’s the understanding of what it really takes to go to the other side. They say that they want to grow, but do they understand what it really takes to get to growing?”
    • Bottom Line: One of the most difficult challenges for MSP owners is pulling themselves away from the day-to-day technical work enough to focus on the business. Selling cybersecurity is a terrific opportunity, and it’s only going to become an even bigger pressing need over time. 

Give cybersecurity the time it deserves

When it comes to a topic like cybersecurity, even base-level questions cannot be answered with a short “do” or “don’t.” The subject is important in October for general awareness, but in our industry, it’s a year-round push to educate partners and prospects alike. 

Get active this Cybersecurity Awareness Month (and beyond) 

Is your business doing anything to educate and spread awareness this Cybersecurity Awareness Month? If not, here’s a quick and easy way you can spin something up. 

We’ve put together 15 easy-to-customize social media templates you’re free to grab, edit, and start using right away. 

Grab Canva Templates for:

Jennifer Bleam of MSP Sales Revolution also has 30 ideas for quick videos you can create in October (or any month) to spread cybersecurity awareness.

Don’t miss our next MSP Live Chat

Recapping our Live Chats is fun, but they’re even better live. Find out when we’re hosting our next one, and be part of the conversation with your peers.

Next Steps

The fundamentals of device security are critical to your overall security posture. NinjaOne makes it easy to patch, harden, secure, and backup all their devices centrally, remotely, and at scale.

You might also like

Ready to become an IT Ninja?

Learn how NinjaOne can help you simplify IT operations.

Watch Demo×

See NinjaOne in action!

By submitting this form, I accept NinjaOne's privacy policy.

NinjaOne Terms & Conditions

By clicking the “I Accept” button below, you indicate your acceptance of the following legal terms as well as our Terms of Use:

  • Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms.
  • Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party.
  • Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library belonging to or under the control of any other software provider.
  • Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations.
  • Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks.
  • Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script.
  • EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).