MSP Cybersecurity

How MSPs Can Use Data in their Cybersecurity Sales Conversations

Adrien Gendre


3 min

How MSPs Can Use Data in their Cybersecurity Sales Conversations

Among the top issues that keep MSPs up at night, cybersecurity ranks first, and for good reason. As attacks on SMBs grow, so do the challenges and pressures for MSPs. Cybersecurity sales conversations can be difficult when SMBs don’t believe they’re vulnerable to attacks. Convincing an SMB to invest in cybersecurity requires MSPs to get creative and arm themselves with data.

SMBs are under attack and in denial

Unlike past years when large, lucrative enterprises were the primary victims of cyberattacks, today, SMBs are being attacked with equal force and frequency. Unlike enterprises, however, SMBs have fewer resources and are less prepared for the consequences. Not only this, but many refuse to believe that they’re viable targets for attacks.

According to Datto, 60 percent of MSPs reported ransomware attacks against SMB clients in 2020, and 11 percent reported that clients experienced multiple attacks in a single day. Yet, according to a survey by BullGuard, 60 percent of SMBs said they are unlikely to be hit by a cyberattack, and one in five said they have zero vulnerabilities.

Additionally, 50 percent of SMBs said their employees received no cybersecurity training, fewer than 10 percent have dedicated IT staff, and one in three relies on free or consumer grade cybersecurity tools, according to BullGuard.

This disconnect between perception and reality is something that MSPs know well. Convincing overly confident SMBs to invest in cybersecurity is a constant challenge for MSPs, but failing to do so while being responsible for their clients’ cybersecurity is a liability that MSPs can’t afford.

Using data in cybersecurity sales conversations

Data tells a compelling story. There is no shortage of quarterly and annual reports that include valuable threat statistics that can be used in cybersecurity sales conversations. Unlike news articles that feature big, bold headlines about massive cyberattacks on big-name corporations, reports reveal the particulars behind cybercrime statistics that are more relevant to smaller businesses. MSPs can use these reports to their advantage and tailor their sales conversations to SMBs of all sizes and industries.

One of the best ways to get an SMB to say “that won’t happen to us” is to show them threat data on enterprise cyberattacks, so focus on using reports that feature statistics on small to medium-sized businesses only or that feature dedicated statistics on SMBs. Dollar signs are also a strong motivator for taking action; use data that shows real-world monetary consequences of attacks on SMBs.

Webinar Replay: Understanding and Using the IC3 Report in Your Cybersecurity Sales Conversations

Additionally, uncovering weaknesses in an SMB’s cybersecurity posture tells you where to focus the conversation. For example, an SMB that has limited protection from phishing attacks and offers no phishing awareness training for employees would benefit from a combination of viewing real phishing emails and statistics on how many ransomware attacks originate with a simple phishing email (54 percent).

SMBs who need a little extra convincing would benefit from use cases. For example, if you have a client or prospective client who is hesitant to invest in additional security, then demonstrate to that client how a particular endpoint, such as email, can be breached. Or, show how a system can be locked down by ransomware, and the resulting consequences. As an MSP, you likely have valuable firsthand experience that would resonate with your client or prospect.

Finally, use statistics that are relevant to the SMB’s industry. Healthcare, for example, is the most targeted industry for cyberattacks, followed by financial services and insurance, according to Datto MSPs. Clients and prospects in these industries would benefit from real-world examples of attacks on SMBs in these industries, the ramifications of those attacks, and your solution for helping them avoid the same fate.

Below are just a few useful reports and surveys you can use in your cybersecurity sales conversations:

  • FBI Internet Crime Report (IC3): Although it is not solely focused on SMBs, the FBI’s annual IC3 report features relevant statistics you can use to illustrate the threat of cyberattacks, including a breakdown of crime types combined with victim losses and victim data by state.
  • Datto State of the Channel Ransomware Report: An excellent annual resource using survey data from Datto MSPs, this report includes data-rich statistics such as the average cost of SMB downtime, average ransomware payment, industries most susceptible to ransomware, and business consequences.
  • Phishers’ Favorites Year-in-Review: Vade’s annual report highlighting the most impersonated brands in phishing attacks, Phishers’ Favorites includes examples of real phishing emails and an overview of phishing attack trends for the year.
  • Data Breach Investigations Report: Verizon’s annual report includes a dedicated section on SMB cybersecurity breaches, including data on attack frequency, top patterns, threat actors, and threat motives.


Learn how to use cybersecurity data in your sales conversations by attending Vade’s session at IT Nation Secure.

Book a meeting with us to talk in person