MSP Cybersecurity

How Cybersecurity Solutions Contribute to Margins

Adrien Gendre

October 21, 2021

4 min

For many managed service providers (MSPs), cybersecurity is a lot like insurance. You pay for it to reduce your risk, but it isn't an active force in your day to day. In fact, you hope that you never wind up needing it.

When approached from the wrong angle, cybersecurity can be this way—a necessary cost that passively protects you and your clients. But with the right strategy, you can turn your cybersecurity offerings into a source of revenue and better margins.

How cybersecurity solutions can improve your margins

Keep your clients happy and in business

Being the victim of a cyberattack is enough to ruin anyone’s day. Clients that suffer from ransomware, phishing attacks, or data theft are going to be understandably upset with their MSPs. As experts at providing technology services, MSPs are often considered to be responsible for the security of their clients' Microsoft 365 environments—even if that responsibility is never explicitly stated by the client.

Unhappy clients that have suffered from an attack are more likely to take their business elsewhere, but they may also wind up with no business at all if the attack is serious. For small- to medium-sized businesses, the costs of remediating a cyberattack or paying an attacker’s ransom can be devastating. Even if the business survives, it’s a huge setback that blunts future growth. And if your clients’ businesses aren’t growing, neither will your own.

Ensure your own business continuity

If you’re following the same cybersecurity practices you preach to your clients, then you’ll also be better protected from cyberattacks.

MSPs are an attractive target for cyberattacks. By attacking an MSP, a threat actor could potentially access dozens of different businesses’ systems and data. Just as with your clients, keeping your own systems secure ensures that you’ll gain business continuity and preserve your reputation as a reliable MSP.

Demonstrate value to clients and justify your price

Without a cybersecurity offering, you’ll be leaving money on the table. Many clients have had security breaches or heard about someone who did and seek out MSPs that speak explicitly about their cybersecurity offering. Even if your prospective clients aren’t particularly security-minded, they can be educated about its importance and may be willing to pay a higher fee for your services as a result.

Actionable ways to increase your cybersecurity stack’s contribution to margin

Communication and education

Many MSPs see cybersecurity as "just” a cost sink. This perspective isn’t limited to MSPs—clients often think this way, too. It can be easy for clients to wonder whether they really need cybersecurity. When everything goes right, clients wonder why they’re paying for cybersecurity if they’re not using it; when everything goes wrong, clients wonder why they’re paying for cybersecurity if it’s not working.

But MSPs can dispel this illusion simply by regularly communicating with their clients and educating them on the existing threats. In sales conversations and marketing materials, MSPs can discuss the cybersecurity landscape and the threats facing small- to medium-sized businesses. Once you’ve won your clients’ business, you can hold regular meetings—perhaps once a quarter—to discuss the performance of your cybersecurity stack, whether there are any updates, what sorts of threats you’ve stopped, new and emerging threats, and so on.

By educating your clients in this way, they’ll be better able to understand why you’re charging the fee you charge.

Regularly review your cybersecurity solutions

Security doesn’t stand still. As long as threat actors continue to innovate, then cybersecurity solutions will change and best practices will be updated. When it comes to security, you’ve got to tread water just to stay afloat.

That means you need to regularly review your cybersecurity stack, perhaps once a year, to ensure that the solutions you’ve selected are being regularly updated and are still relevant for the kinds of threats your clients face. Different vendors will be more or less diligent about keeping their solutions up to date, but it's worth sticking with vendors that actively research new threats. Vade, for example, enjoys a 95 percent retention rate in large part because we make sure our solutions stay current.

Prioritize usability

When evaluating solutions to incorporate in your tech stack, don’t just choose solutions that appear to be the most robust. Consider how easy it will be to use, especially scaled across your entire client portfolio. The higher your time on tool, the lower your margins. Thus, usability is a major factor when it comes to selecting cybersecurity solutions.

Standardize and bundle

As perhaps the two most important actions an MSP can take to maximize their margins, standardizing the offerings in your stack and bundling your services together enable you to be cost-efficient.

Standardizing your cybersecurity stack is simple: Rather than build custom solutions for different clients, you should offer the same stack and service offering each time with only minor, predetermined variations.

This means you’ll never be stuck working with a subpar tool just because it’s a client’s preference. You’ll only work with the tools which you have the most experienced in using and implementing.

Bundling your services (at, for instance, bronze, silver, and gold subscriptions or some other tiering system) allows you to strike a balance between offering your clients choice and ensuring they purchase the minimum services needed for you to be effective.

When it comes to cybersecurity, bundling your services means that you can ensure all of your clients receive a minimum viable level of protection. And it means you can bake that level of protection into your fee.

Learn how to evaluate cybersecurity solutions

It should come as no surprise that the biggest impact cybersecurity has on your margin comes from the tools you decide to use. In fact, learning how to evaluate a solution might be even more important than the evaluation itself. After all, you won’t look for features that you don’t know to look for in the first place.

We can provide actionable knowledge when it comes to email cybersecurity for Microsoft 365. Download our free infographic,  Evaluating Microsoft 365 Email Security Solutions, to learn more about selecting an email security solution that maximizes your margins.