Guest blog courtesy of Check Point and written by Shahar Divon, head of worldwide MSSP and SMB business.
In cyber security sales, fear has long been the go-to approach. From warnings of impending cyber threats to fearmongering predictions of catastrophic breaches, the industry has often relied on fear-based ‘boogieman’ tactics to drive organizations to invest in security solutions.
However, while fear CAN be an effective short-term motivator, it often leads to panic-driven decision-making, rather than smart, long-term strategic planning.
In this blog, we’ll discuss the drawbacks of fear-based sales tactics and the advantages of a shift towards a more positive approach: cyber security as a value-added business enabler.
We’ll explore how, by reframing the conversation from one of pure risk mitigation to one of value creation and empowerment, Managed Security Service Providers (MSSPs) can not only build stronger relationships with their clients, but also drive more sustainable and meaningful business outcomes.
Overcoming the FUD (fear, uncertainty, and doubt) Mindset
MSSPs are acutely aware of the prevalence of Fear, Uncertainty, and Doubt (FUD) in the minds of their clients. Organizations are often gripped by apprehensions surrounding data breaches and sensationalized media coverage of large-scale cyber-attacks. You only have to glance at the weekly intelligence report from Check Point research to understand that the frequency and scale of cyber-attacks are on the rise with each passing week!! https://research.checkpoint.com/
Just in the last six months of 2023, Check Point Research reported on:
- MOVEit Progress Software suffered a cyber-attack that impacted over 2000 organizations and exposed the data of 60 million people, marking it as one of the largest breaches in history.
- Ukraine’s largest mobile operator Kyivstar was hit by “the largest cyber-attack on telecom infrastructure in the world”, rendering millions without mobile and internet services for at least 48 hours. Reportedly, the attack also affected air raid sirens, ATMs, and point-of-sale terminals. Russia-affiliated group Solntsepek, who was previously linked to Russian military group Sandworm, claimed responsibility. Another Russia-aligned group, Killnet, also claimed responsibility, however its involvement has not been proven. Kyivstar has 24.3 million mobile subscribers and over 1.1 million home internet subscribers.
- Av3ngers group activity took responsibility for defacing workstations at Pennsylvania’s Aliquippa municipal water authority. Following the attack, CISA published an advisory about this hacktivists group which is affiliated to Iranian Revolutionary Guard Corps (IRGC) and reportedly hit multiple water utility companies in the United States by targeting Unitronics’ PLC devices.
- Russia-affiliated military intelligence group SandWorm was reportedly responsible for an attack against 22 critical infrastructure companies in Denmark. The attacks, the most severe in Danish history, compromised industrial control systems and forced companies from the energy sector to work offline.
With all the increasing noise in the media on cyber security disasters, it’s no wonder that organizations are afraid – not only of the threat, but also, the repercussions. Add to that the anxiety of the unknown currently surrounding the future of artificial intelligence (AI) and its potential for misuse, and you’ve got a perfect storm of organizational unease and uncertainty.
To combat this pervasive FUD mindset, MSSPs are called to proactively address and dispel fears through education and assurance strategies. By providing clients with a deeper understanding of the cyber security landscape and the measures in place to mitigate risks, MSSPs can encourage a more constructive and proactive approach, guiding clients away from fear-driven purchases and towards a path of informed decision-making, confidence, and long-term business resilience.
Cyber Security as a Business Enabler
Cyber security not only protects businesses from threats but also enables growth, fosters trust, and enhances competitiveness. MSSPs now have an exciting opportunity to educate their customers on how viewing cyber security as a business enabler, rather than just a defensive measure, can unlock new opportunities and drive sustainable success. Below are some simple examples that MSSPs can use to educate their customers on this new approach:
Customer Trust and Reputation: Maintaining strong cyber security measures demonstrates to customers that their data and transactions are safe with your business. This builds trust and enhances your reputation, which can lead to increased customer loyalty and positive word-of-mouth referrals. Trusted businesses are more likely to attract and retain customers, ultimately driving business growth. According to one report (2018 Consumer Survey: Attitudes and Behavior in a Post-breach Era (pingidentity.com))78% of customers would stop transacting with a business online after a breach.
Compliance and Regulatory Requirements: Many industries are subject to strict regulatory requirements regarding the protection of sensitive information. Implementing robust cyber security measures ensures compliance with these regulations, avoiding costly fines and legal issues. Moreover, compliance with standards such as GDPR, HIPAA, or PCI DSS not only protects the business from penalties but also opens doors to new markets and partnerships where compliance is a prerequisite.
Innovation and Competitive Advantage: Strong cyber security practices foster an environment conducive to innovation. When customers and stakeholders trust that their data is secure, they are more likely to engage with new digital products and services. Additionally, businesses can leverage cyber security innovations themselves, such as secure cloud computing, IoT devices, or blockchain technology, to gain a competitive edge in the market.
Business Continuity, Resilience and Risk Management: Cyber security helps protect against potential disruptions such as cyberattacks, data breaches, or system failures, enabling businesses to minimize downtime through measures like regular data backups, disaster recovery plans, and incident response protocols. This proactive risk management approach prevents significant financial and reputational costs associated with breaches, ultimately safeguarding assets and operations while ensuring continuous customer service and revenue generation. Rather than focusing on risk, focusing on your customer can use business continuity as a value driver.
Six Key Recommendations for Fear-Free Cyber security Selling
Below are our top recommendations for MSSPs to execute this change in approach with maximum efficacy:
- Lead with Cyber security Education: Utilize a variety of educational content formats, such as webinars, whitepapers, and workshops to empower clients with knowledge about cyber security best practices, emerging threats, and risk mitigation strategies.
- Highlight business drivers instead of Fear: Go beyond simply discussing potential threats and the products to plug the gap. Instead, highlight how robust security measures can empower clients to maintain operational continuity and remove blockers when working with clients. Share real-life case studies and success stories as proof of concept.
- Align Cyber security with Business Growth: Engage in strategic discussions with clients about how effective cyber security practices can not only protect their assets. but also enable business expansion and innovation. Highlight the role of cyber security in safeguarding intellectual property, garnering customer trust, enhancing brand reputation and competitive edge.
- Tailor the Security Conversation: Take the time to recognize each client’s unique business environment, regulatory requirements, and risk appetite – and tailor the dialogue to individual needs. Recommend engaging stakeholders beyond the IT department, such as executives, sales, and marketing teams in the conversation for a more organization-wide approach to cyber security.
- Advocate for Standards Compliance as a Business Booster: Educate clients about the benefits of adhering to recognized cyber security frameworks and industry standards, such as NIST and CIS (Center for Internet Security). Show how compliance can serve as a trust-building asset with customers, demonstrating commitment to security best practices and regulatory compliance. Underline how compliance can be a differentiator, attract new customers, and retain existing ones, leading to business growth and success.
- Sell outcomes not products: One of the dangers when selling cyber security is to sell product after product after a new threat hits the media. Productizing cyber security offerings that are aligned to a framework allows you to sell a business outcome and justify cost. A well-managed Cyber security offer that delivers a business outcome will differentiate you from other MSSP’s and create long-lasting relationships.
Future-Proofing MSSP Services for a Clear Path Forward
In summary, as the demands on security providers continue to evolve, and client expectations continue to increase, MSSPs are called to chart a clear path forward to remain relevant and effective.
Today’s MSSPs face the imperative to not only adapt but also to innovate. They must prioritize agility, highlight strategic growth initiatives, and implement cutting-edge technologies into their offerings to stay ahead of the curve.
By integrating such value-driven business strategies into their cyber security offerings and sales approaches, MSSPs can effectively futureproof their services, increase client retention rates and ultimately, lead the change towards a more empowered and secure business ecosystem.