Quantifying Risks So Clients Invest Enough in Cybersecurity

Back to Blog

Quantifying Risks So Clients Invest Enough in Cybersecurity

If prospects and clients don’t know the potential cost of their problem, they will never know the value of your solution.

Spending the right amount on cybersecurity requires your prospect or client to know the potential expense of their risks before investing in remediation services. Until they understand how much they stand to lose, they won’t invest in your services — at least not the appropriate amount.

Wouldn’t it be easier to sell cybersecurity services if your prospect tells you they have millions of dollars in cyber risk? Here’s how you can make that happen.

How to Quantify Risks

As an MSP, you’ve heard prospects and clients say “Nobody wants my data…” or “We’re too small to be hacked…” until they are proven wrong. Here’s a perfect example of how an MSP proved a prospect wrong and won more business by doing so.

A law firm discovered they were harboring a serious security problem that made them vulnerable to ransomware. According to the firm’s managing partner, there were more than 20 attorneys in the firm who were billed at over $400 or more per hour.

This meant the lost billable time if the firm was hit with ransomware would have been $8,000 per hour (20 attorneys multiplied by $400 per hour). Based on their recovery strategy, it would have been taken them two days to recover with a potential loss of $128,000 in billable time. But that wasn’t their biggest problem.

The bigger issue was the possibility that the firm could miss a critical court filing deadline for a client. The client would surely drop the firm, which could cost them millions.

An MSP quoted them a backup solution for $5,000 per month. Until the law firm’s managing partner realized the firm was at risk of losing millions of dollars, the $60,000 annual fee for the backup solution was too expensive. Once he understood he could protect his firm from losing millions of dollars for just $60,000 each year, the same backup solution turned into a bargain (and a sale).

MSPs get frustrated when they know a prospect or client needs cybersecurity services but doesn’t buy them. But why don’t they? Well, the answer is simple. Although the MSPs know their clients need more cybersecurity, they just don’t do a good job of educating them on why they need more cybersecurity.

No matter what you sell, whether it is managed services or advanced cybersecurity services, you won’t make a sale until someone believes your price is a good deal. The way to make more cybersecurity sales is to convince your prospect or client that they have a multi-million-dollar problem you can solve for just thousands of dollars per month.

You can’t just tell them they have a million-dollar problem and leave it at that because that would be your number, which they may not believe. The trick is to get them to say that their number is a million dollars, which means you may need to educate them about the potential risks they face and then help them quantify those risks.

One way to do this is by citing news articles or recent regulatory penalties that highlight the financial losses similar businesses faced after data breaches and ransomware attacks. Present statistics about the business impact of breaches and ransomware — like organizations being offline for weeks — and point to actual regulatory penalties to add substance to your case.

How Network Detective Pro Helps

In RapidFire Tools’ Network Detective Pro, the Data Breach Liability Report quantifies risks based on benchmark research conducted for the annual IBM Cost of a Data Breach Report. Looking at a Data Breach Liability Report, an MSP client realized they had almost $54 million in potential liability based on actual data found on their network.

Potential Liability-1.png

Similarly, another client was shown how they had over $4 million worth of data on a single computer.

Potential Liability-2.png

Ask your prospect what the financial and reputational impact would be if they suffered a breach or ransomware attack. Be patient and wait for them to answer because it’s important for them to tell you their number, not the other way around. Sometimes it may not be a number but a comment like — “We would be out of business…”

Once you can position the value of your services against the quantified risks they face, it will be a lot easier to get your prospect or client to say “Yes” to your proposals and recommendations. Sign up for a free demo now to see how Network Detective Pro can help you to do this and more.

Tags: Best PracticesIT AssessmentsNetwork AssessmentsNetwork Detective