MSSPs looking to build trust with prospective clients can find inspiration from doctors, Galactic Advisors Chief Security Officer Bruce McCully told a crowd of solution providers Sunday.
Just as a doctor doesn’t prescribe every known drug to a patient after reviewing lab tests, MSSPs shouldn’t try to sell prospective clients every security tool after a third-party cybersecurity assessment, said McCully, whose Nashville, Tenn.-based cybersecurity consultancy offers such assessments.
“Basically you assess, report, prescribe and ultimately profit,” he told attendees at CRN parent The Channel Company’s XChange NexGen 2023 conference, which runs through Tuesday in Houston. “This is a simple way to differentiate. Go through and advise and educate your clients and elevate yourself from computer janitor—the guy that’s going through and fixing all the little issues inside of their environment—to computer doctor, the person that’s prescribing the solutions that your clients trust and take on.”
Prescribe Cybersecurity Like Doctors
MSSPs that come to prospective clients ready to sell every security tool with a nuanced look at the client’s IT estate risk further commoditizing the cybersecurity industry and creating a race to the bottom with prices, McCully said.
That race to the bottom is a real concern, Mark Wiener, CEO of Raleigh, N.C.-based MSSP BizCom Global, told CRN. MSSPs need to help customers see the risks in their individual businesses and see the value that new security tools deliver without simply selling a client on affordability.
“Customers are not reading all the things that are bad out there and don’t understand the real risks they are facing,” Wiener said.
McCully told the audience that managed security is very much a value-add to their business, with MSPs growing at 46 percent and MSSPs growing at 183 percent.
And in the high-growth world of MSSPs, becoming a “trustworthy security doctor” that is more prescriptive in talks with prospective clients should improve close rates and make those customers less likely to get poached by competitors, he said.
Clients are more likely to trust an assessment not built by the MSSP, he said.
He recommended using third-party security assessments quarterly with clients to update them on changes to risk, head count and other parts of their business. Those regular assessments also increase margin for MSSPs without much additional work.
“Ultimately, it allows you to demonstrate progress over time,” he said. “It allows you to show them that their cybersecurity program is really helping them become more healthy.”