A Lesson From The Bible About How NOT To Market Cyber Security Solutions

There’s a Biblical teaching from Matthew 7:3 that reads (roughly translated), why point out the splinter in your brother’s eye but not consider the plank that is in your own eye?

This quote recently came to mind when I read a long Facebook post from a small MSP gloating over a business owner (client or prospect of his, I’m unsure) that had their network locked with ransomware after they stubbornly refused to take his advice and properly invest in the cyber security protections he attempted to sell them. As you’d expect, many piled on the comments about how he should go back to sell them the same thing at double the price and “maybe now they’ll listen.”

Since you can’t shake the salesperson out of me, I looked him up in our CRM to see if he was there and discovered he was an unconverted lead that sat a consultation with us several months back. Based on the information he submitted, he was generating less than $500,000 in revenue and bringing in less than one lead per month. He had mostly break-fix clients with only a few managed clients, no marketing plan in place, no sales or marketing team, no reliable way to generate leads or sales and “needing a way to bring in more MRR.” He mentioned using Facebook for marketing (more on this in a minute). In the end, he DIDN’T buy, stating he didn’t “have the money” and was going to attempt to do some social media marketing on his own first.

My first thought was, SHAME on us for not selling this guy what he clearly needs – I can’t fault him for not selling HIS client on what they clearly needed when we failed to do the same. My second thought was the Matthew 7:3 quote.

It’s EASY to point out the flaws and failings of those around us – and I DO see the irony of me writing about this, so save the hate mail. To quote Mac Davis, it’s hard to be humble when you’re perfect in every way (LOL). BUT there are a few lessons in this that I know my clients, subscribers and followers will find value in, so I’m daring to write this anyway, fully aware of the double standard.

First, a marketing lesson: If you’re an IT company, I’m not so sure it’s a good idea to shame a client or prospect directly on a public forum like Facebook regarding a cyber security breach because they failed to buy what you were selling. This is akin to a burglar alarm company gloating over a family that got robbed at gunpoint in their home, their kids traumatized, their dog shot and killed, because they didn’t buy your alarm system. YES, you are 100% right and there is a giant temptation to scream an “I told you so,” but your ego is going to cost you.

If that prospect or client sees his post, I doubt they’ll be happy over his proverbial roasting-marshmallows-over-the-bonfire problem they now have because they didn’t buy from him. Further, if I were a prospect, I sure as hell wouldn’t want to do business with a guy who does this to clients. So, in general, this is NOT a great idea.

Second, this should be a private matter. As a CEO who also outsources my IT, I would hope that my IT company wouldn’t publicly post anything if we had a breach, and especially not an “I told ya so” comment like this. I happen to listen to my IT company’s advice and I do invest in cyberprotections, but I also know there are NO guarantees and I could very much be in this same prospect’s situation. We ALL make bad decisions from time-to-time, and YOU are supposed to be on your CLIENT’S side, especially during a crisis like this.

And finally, it’s easy to see the “splinter” in one of clients who refuses to invest in proper cyberprotections or updated IT but overlook the complete and total lack of things YOU are properly investing in, be it insurance, training for your team, proper cyberprotections for YOUR organization (because it can happen to you, too) or even building your sales and marketing engine (yeah…had to throw that one in there).

If you can understand why YOU don’t invest in those things – because you don’t have the time, the money or feel it’s “not a problem,” or that you can “do it on your own” – you can at least understand how your clients and prospects feel when you show up with what they perceive as a giant, expensive and “overblown” solution for a problem they don’t have yet either. But cyber security is a SERIOUS problem, and marketing isn’t, right? Well…

If you aren’t making enough money to get yourself out of debt, save a year of income, have enough retained earnings to float your business for two to three months during a crisis, not to mention retire with dignity…AND you’re not doing everything within your power to fix those things and make sufficient profits to make those goals a reality, you are also ignoring a GIANT problem that will come home to roost one day. Sure, you’re fine right now…but if a family member got sick, you had an unforeseen business-crippling event (Covid), a cyber-attack on YOUR business or even if YOU got sick or injured or were otherwise unable to work, would you be able to survive it? If not, isn’t that just as serious as a ransomware attack?

By seeing that plank in your own eye, not only can you get to fixing it, but you can also have empathy for clients who aren’t quick to say “yes” to your proposal for IT or cyberprotections – and turn them around for their own good.