93% of companies currently using an MSP would consider moving to a new provider if they offered the right cyber security solution. Equip your business with cyber protection services that defend against ransomware and other data loss threats to protect customers, differentiate your offerings and realize new growth” says Mike Vogel of Acronis.  Whether the actual percentage is higher or lower, there is truth in this statement.

When customers rely on their Managed Services Provider (MSP) to help them with recommending, implementing and supporting appropriate technology to run their business, there is also an assumption that cybersecurity and compliance are being considered – even if that is never verified by the MSP.  While the skill sets needed in these areas overlap the skills needed for implementation and support, they are not completely the same.  MSPs main charge is to provide function in the simplest way to get business done.  Compliance and cybersecurity focuses on the need to protect the data, which adds complexity and makes functions more cumbersome in many cases.

Never discussing security or compliance because you don’t feel confident in your expertise can also backfire.  Customers may not come to you with the questions if you don’t make it clear that you have competency and/or resources in these areas, and by the time you find out that they had questions or concerns, it may be too late.

A simple way to start the conversation with your customers is to use the National Institute of Standards & Technology Cyber Security Framework (NIST CSF) 5 key areas that every organization needs to address: Identify, Protect, Detect, Respond and Recover.  By confirming what you are already providing in these areas and what is left, you open the dialogue to next steps to reduce their business risk and exposure to losses.  What if the customer doesn’t want to address the gaps?  Many MSPs are making sure they get this in writing so the customer is agreeing to assume the risk despite their advice so if an incident occurs, the customer cannot claim ignorance and the MSP cannot be held liable.

By partnering with a firm that specializes in cybersecurity and compliance, MSPs can fill any gaps in their team’s knowledge and experience and prevent customers from feeling like they need to find another provider.