What Cyber Security Solutions Most MSPs Are Selling And What Solutions To Add In Next 12 Months To Stay Competitive [Industry Survey]

The demand for cyber security solutions is on the rise. In fact, offering cyber security solutions is your fastest and easiest way to get in the door to new clients or increase revenue with existing clients. Between cyber security sources warning consumers of the predicted onslaught of vicious cyber-attacks coming THIS YEAR due to the COVID-19 work-from-home movement and the growing number of government regulations regarding data privacy almost daily, MSPs and IT providers have a grand opportunity.

That’s why we went to our MSP community to find out who is selling these more advanced and comprehensive cyber security services. We wanted to know what their biggest challenges are in selling these services and what are they offering.

Selling new and existing clients more robust backup, compliance, and cyber security protection isn’t just a great opportunity to increase your bottom line. It’s the IT community’s responsibility to ensure clients are protected against these threats.

Check out the results of our new survey to ensure you are keeping up with your peers. Because if you’re not selling these solutions right now, you can bet one of your competitors is.

How Many MSPs Sell Cyber Security Solutions and Services?

The majority of MSPs (93.9%) offer cyber security solutions and services, with only 6.1% currently not offering any cyber security services at all. There are a wide variety of cyber security services that come standard in the top-level, all-inclusive managed services. Still, there is A LOT of room for increasing sales in the cyber security arena as evidenced by the twenty-two different cyber security solutions/services MSPs said they are planning to add to their solution stack in the next 12 months. When you look at what is currently being offered by other MSPs and IT providers along with all the other options available, it is easy to see there is a big opportunity and it’s worth figuring out how to add more services and effectively package them. (A panel of top security-focused MSPs will discuss packaging and pricing cyber security solutions for maximum client protection and profitability during the Cyber Security Livecast. Get the details here.)

What cyber security services/solutions do MSPs FREQUENTLY sell?

Click Image To Enlarge

According to our survey, the most frequently sold security solutions (must have been sold to at least 6 or more different clients in the last 12 months) are:

  • Managed cyber security services; full network, MSP model (65.9%)
  • Managed cyber security services; SINGLE point solutions (Dark Web monitoring, advanced endpoint security, SIEM, etc.) (65.9%)
  • Cyber security awareness training and AUP creation (57.1%)
  • Compliance services specific to HIPAA, SOX, DFARS, etc. (34.1%)
  • Remediation services AFTER a breach (34.1%)
  • Projects installing advanced security solutions (NOT managed, but VAR model) (23.0%)
  • Penetration testing and PAID security assessments (20.6%)
  • Physical security solutions (cameras, access control) (16.7%)

What cyber security services come standard in your top-level, all-inclusive managed services offering?

Click Image To Enlarge

In response to what MSPs offer as “standard” in their top-level managed services offering, there was not a standard answer. More than 22 different services were listed (see question 4 in the survey results). Essentially this reveals that there is not an industry norm.

That said, when packaging what your standard offering should be, you must know who your audience is and understand their problems so you can properly package a solution that will fit their needs specifically. The ten most common cyber security services offered by 50% or more of MSPs as standard in all-inclusive managed services offerings are:

  • Patch management and updates (89.3%)
  • Antivirus (85.5%)
  • Backup and disaster recovery (82.4%)
  • Firewall monitoring and updates (79.4%)
  • Spam filtering  (71.0%)
  • Web content filtering (separate or as part of a firewall solution) (63.4%)
  • Awareness training for employees and AUP creation (62.6%)
  • Multi-factor authentication (57.3%)
  • Dark Web monitoring  (54.2%)
  • Advanced endpoint security, specifically AI or behavior-based modeling (54.2%)

What cyber security services/solutions do you plan on adding to your solution stack in the next 12 months that you are NOT selling now?

Click Image To Enlarge

Interestingly, there are several services that didn’t make the top ten standard services currently being offered that will move up the list in the next 12 months, indicating there is a growing demand and opportunity.

Among these, 31.3% already offer security assessments and penetration testing as standard while 39.3% plan on adding this service within the year. The number of MSPs offering Advanced Threat Detection (Huntress, Threatlocker, RocketCyber, etc..) will double with 32.1% currently offer this service with another 33.6% who will add it in the next 12 months. SIEM (Security Incident & Event Management, aka security log management) will see a big bump too. Currently, only 21.4% of MSPs offer it, however, an additional 26.2% said they will add this service to their offering. Although already in the top ten, Dark Web monitoring will move even higher on the list as 23.4% indicated they will add this to their list of cyber security services this year. Awareness training for employees and AUP creation (28.0%), password management tools and services (27.1%), and multi-factor authentication (26.2%) were a few of the other popular choices among the list of what MSPs plan to add to their cyber security solutions line-up.

Cyber Security Guarantees and Warranties

Only 17.2% of MSPs offer any type of guarantee or warranty to clients in regard to protecting their data/network, downtime, compliance, and so on.

The most popular responses from those who offer guarantees or warranties, said they offer one or more of the following:

  • Guaranteed response time.
  • Guarantee of availability for service.
  • Money-back guarantee. Some guarantee satisfaction if their work isn’t up to par. The caveat is that they ask that you bring the issue to their attention and give them the opportunity to make things right. If they still don’t get it right, then they will give a client their money back.  
  • If a client is hit by ransomware, the company will remediate it at their cost. Some offered to remediate at no cost for their fully managed clients. MSPs that offered this guarantee carry cyber liability insurance.
  • A million-dollar ransomware guarantee which is passed through from their vendor.

The BIGGEST challenges in selling cyber security solutions

The MSPs who completed our survey said that showing the value or “getting clients to understand the threat is real” is their top challenge when selling cyber security. Not surprisingly, the majority of MSPs who listed this as their number one challenge also said price or getting clients to agree to pay for these services was a big problem.  Businesses not thinking they are vulnerable because they’ve never had any breach was the most difficult challenge in selling cyber security solutions.

The most common challenges are:

1) Getting clients to understand the risk.

“Clients don’t see the need until after a breach”…

“Even in the threat landscape we’re in, some just don’t get that these things are as important as they are”…

“Clients refuse to accept that they are at risk”…

These are the typical responses we received in our survey demonstrating that there is a need to give clients clarity in your messaging so they truly understand what’s at stake, what you are offering, and why they need your cyber security solutions.

2) Fee resistance. Many believe they cannot get their clients to pay extra for cyber security services. While a few mentioned that clients are finding “insurance is cheaper,” most fee resistance is not a market problem where competition is undercutting you and people are not shopping on price. That’s good news because it means with proper sales and marketing, you can overcome this challenge.

3) Finding clients. Lead generation and getting your message out to prospective clientswere not as prevalent but still a problem for some MSPs. With a lead generation funnel geared towards cyber security, this can easily be resolved.

4) Not feeling ready to provide services. Some felt they were not “ready” to provide services. They mentioned needing to “get their own house in order,” not having enough expertise, being unsure of how to vet vendors and the requirements for sourcing providers properly, and the need to get training and or people in place so they can feel comfortable that they will be able to properly provide cyber security services.

Understandably, this is a concern. No MSP wants to wake up and discover a hacker has gained access. An event such as this can destroy your reputation and your business. As this continues to become a bigger threat, you’ll want to invest in training NOW to make sure you prevent this. Furthermore, MSPs who don’t have cyber security in their arsenal are at risk of getting left behind.

Often, one of the toughest decisions every MSP struggles with is how to set their prices. There is also commonly a hard-wired belief that clients won’t pay, even though we can point out MSPs in the market who are charging and routinely getting clients to pay for these cyber security services.

In most cases, selling cyber security solutions is a sales and marketing problem (you aren’t explaining the value of cyber security clearly or gaining client’s trust that the investment is worth it) or it’s a mindset problem (you firmly believe clients won’t pay for cyber security). It could also be an issue of not properly packaging your services or an issue of confidence (a need for training, for example) that can resolve this problem, so you’ll start generating more sales.

For details on new strategies, new vendors, new solutions and how to build a complete, proven system to market and sell cyber security solutions to new and existing clients, how to package and price cyber security services, and how to ensure your own “house” is in order to keep your own MSP safe from ransomware, go to https://www.cybersecuritylivecast.com. You’ll discover The Cyber Security Marketing Blueprint: — a system that will give you a step-by-step plan to add half a million or more in high-profit MRR selling cyber security solutions and how to keep your current clients safe.