Three Challenges to Selling Security Services (And Five Tips on Overcoming Them)


Managed Service Providers (MSPs) have a unique responsibility within the tech industry that involves management and operations of a broad variety of networks. And with cybercrime growing worldwide nearly 4x over the past six years, from 4.32 million attacks reported in 2016 to 16.81 million attacks reported in 2022, MSPs need to be able to provide comprehensive cybersecurity offerings to their customers.

(In our Warlock’s Guide to Selling Security Services, we have a spellbook full of different tactics to help you build trust, create content, and set your MSP up with a cohesive set of products and services for any cybersecurity challenge.)

Unfortunately, many organizations are not adequately prepared to protect their networks against incoming threats. In 2022, IBM found that out of the breached organizations in the study, 83% had been hit more than once and just 17% of the breaches were first-time offenses. This means that, even after attack, businesses (especially small businesses) don’t have the resources, knowledge, or time to properly protect themselves.

Why customers are hesitant to invest in security

Even with the myriad of alarming statistics around cybercrime, data loss, and fraud, many organizations struggle to adequately beef up their security strategy. As an MSP, you might even encounter customers that are resistant to the investment. When selling, it’s important to build a solid foundation of trust by understanding pain points and listening to their needs. Here are a few roadblocks you may face with new or existing customers:

Customers don’t have bandwidth or budget for security

Perhaps the largest obstacle for any small business is a lack of resources or bandwidth to devote to cybersecurity. But underfunding security is short-sighted and increases their risk of breach. It’s important to convey the importance of investment and urge them not to refuse security services. By appropriately communicating the actual risks behind an insufficient investment, you’re more likely to convert those non-believers.

Customers struggle with security system implementation

Tied to the lack of security resources mentioned above, small businesses will often try to configure security systems without the guidance of an IT or security professional. These misconfigurations or deferred software patches can lead to easily exploited weaknesses! Luckily, MSPs are able to provide a unique service here by providing them with cohesive security implementation, consistent monitoring, and any other products or services included in your security package(s). Just make sure you don’t criticize their current operations but instead position your business as a security partner.

Customers lack knowledge of current threats

With millions of attacks being launched worldwide every year, it’s no wonder that investigating these threats is a full-time job. Many small businesses don’t have the time to keep up with it all. Without a dedicated security resource, these businesses can find themselves in the dark. MSPs have an opportunity to become a reliable and knowledgeable partner that not only provides their security services, but also the information they need to stay well-informed.

Five tips on creating and promoting your security services

Whether you’re just getting started in selling cybersecurity services or haven’t quite cracked the code, we’ve put together some tips on creating and promoting your services to potential customers. You can also find a helpful webinar on the topic on our blog:

Define your customer base

Before planning out your potential security services and packages, you need to know who you’re selling to. Are you working with mostly small businesses to help create a security strategy from scratch? Or are you working with more established organizations to bolster their existing security practices? If you have a broad variety of customer types, you may have packages that fit different needs, such as industry-specific compliance services, physical security solutions, and more. This knowledge of your customer base will help inform the way that you package and deliver your security services.

Consider your core cybersecurity products and services

When building a portfolio of products, you’ll generally create a single stack that can be used for all of your potential customers. This will include basic security offerings such as antivirus, backup, device hardening, device monitoring, and patching. By building out a cohesive set of core products, your team is more easily able to manage the processes and messaging for sales staff becomes much easier. From this core set of products, you can branch out into additional services that may need a more advanced approach based on their network and industry.

Educate your customers on security

As mentioned previously, many customers don’t have insight into the threats that they actually face. A big piece of education is focusing on the outcomes both with and without proper cybersecurity practices. Show them what you’ll be able to deliver with your services and the reduced risk with that investment. You may even consider bringing statistics into the conversation to demonstrate the real-world impact these threats have.

Create content and disseminate externally

Demonstrating your expertise is incredibly important when building credibility as a cybersecurity expert. Your team likely has valuable information around the world of cybersecurity that can be shared through blog posts, videos, and on social media. This allows you to reach a wider audience and position yourself as a thought leader within the space. Content could include security updates, industry news, and more.

Put together service portfolios

Before you start selling to prospects, you should have a portfolio of all of your security services and packages. These packages should include anything that would help demonstrate your experience helping other customers. Quick video demos are a great way to show off your product. You can also consider adding case studies and customer testimonials to your portfolio, which boost your credibility and trust.


Selling security services can be challenging, especially if you’re starting from scratch. But with these tips and our guide to Selling Security Services, you can take the first steps into building a program that will make a huge impact. It’s important to give cybersecurity the time it deserves.

Next Steps

The fundamentals of device security are critical to your overall security posture. NinjaOne makes it easy to patch, harden, secure, and backup all their devices centrally, remotely, and at scale.
Learn more about NinjaOne Protect, check out a live tour, or start your free trial of the NinjaOne platform. And if you’re an MSP looking for more help, download our guide to selling security services.

You might also like

Ready to become an IT Ninja?

Learn how NinjaOne can help you simplify IT operations.

Watch Demo×

See NinjaOne in action!

By submitting this form, I accept NinjaOne's privacy policy.

NinjaOne Terms & Conditions

By clicking the “I Accept” button below, you indicate your acceptance of the following legal terms as well as our Terms of Use:

  • Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms.
  • Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party.
  • Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library belonging to or under the control of any other software provider.
  • Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations.
  • Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks.
  • Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script.
  • EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).