A common question we are asked by our Resellers is “How should I bring up cybersecurity to my existing MSP customers? Won’t they tell me that I should have already been protecting them?”
We get it. Many customers have the misconception that IT support = cybersecurity and even compliance with cyber regulations.
Here are some tips for effectively educating them on the reality, the risks, and the need to take action before an incident occurs.
- Educate them on current threats. We blog about them, and you can search our archives by topic or industry. Nothing gets their attention more than seeing that someone else in their industry just experienced a cyber attack…unless it is realizing that they are under attack themselves.
- Make it real for them by showing them what a single incident can cost using online risk calculators, such as eRisk. Use 10,000 records for easy math if they aren’t sure how many records of Personally Identifiable Information (PII) they have stored throughout their network. Businesses that have never experienced a cyber incident often have no idea how much an investigation costs, the potential regulatory fines and legal judgments they could face, or that insurance often has exclusions or limits.
- Speaking of cyber insurance, even clients who have cyber coverage may face skyrocketing renewal costs, even if they have never had a claim. Proactively helping them do some minimal cyber testing or, better yet, align to a recognized cyber framework can make the difference and avoid loss of coverage and rejected claims.
- Make the business case. Take those estimated per-incident costs from the online calculator and show your recommendations as investments in risk reduction. For small businesses, this takes the conversation from “IT is asking for more budget” to “What is it worth investing to reduce the risk of a $900,000 incident?”
- Document the discussion. Recap via email what you have recommended and why. Check out this video on liability waivers and what to do to protect yourself in the event the client ignores your advice but then comes after you for not protecting them.