This Common Strategy is Killing Your Cybersecurity Revenue

By Elliot Anderson  |  June 4, 2024

For many of you reading this, it’s Q4 and you might be looking at your YTD sales and scratching your head about the low customer adoption of your cybersecurity services. Cybersecurity is a hot commodity, right? Every business needs it, right? So why aren’t your sales numbers rocketing right off your spreadsheet?

In talking to MSPs on a regular basis about go-to-market strategies, marketing, and sales enablement, I have noticed an all-too-common practice that stifles sales and, as a result, perpetuates the risk exposure of SMBs.

Right Product. Wrong Package.

You may have built a world-class cybersecurity solution – hired the right staff, chose the right tech, picked the right partners – but the way you present it to your customers is everything.

The problem I see is MSPs have organized their offering into the typical Good-Better-Best packaging model we’re all super familiar with in the SaaS market. There are two big problems with that.

Problem #1 – Nobody Likes Buying Cybersecurity

Cybersecurity is not something any business is excited to spend more money on. When was the last time you bought the BEST life insurance policy? What about the BEST car insurance you could find? You need them, but are you looking for the BEST, or the best-fit for your risk tolerance level? Unless you’re a wealthy hypochondriac or a terrible driver with a Ferrari, I’m going to guess you weren’t drawn to the BEST plans. And come to think of it, are insurance plans ever packaged in a Good-Better-Best way? No. And for good reason. So, step 1 – take a page from their playbook.

Problem #2 – Cybersecurity is Not Simply a Product

The Good-Better-Best model works for a single-purpose SaaS product. But cybersecurity is much more complex – it’s a combination of multiple products, various levels of service, and a sliding scale of asset coverage. When you borrow this tiered packaging model from the SaaS market, you’re forcing your buyer into making a very difficult choice with very few options. Not only does your buyer not like buying cybersecurity, but they also don’t fully understand the ramifications of their choices. So, they’re going to do what humans do… hedge their bets. When you had to purchase something that frankly was over your head, what did you choose? The most expensive premium option? The dirt-cheap option? Nope. You probably hedged your bets and went with the middle or, if you’re a cheapskate like me, the one slightly-below-middle-but-not-the-cheapest.

Remember that for most SMBs, telling them all of the cybersecurity services they need is like you being told you need an Automatic Pulsation Vacuum Double Cow Milker with Food-grade Silicone Cups and Tube and Stainless Steel Bucket (apparently it’s a thing!), but you have to choose whether you want to pay a little or a lot for it.

Cybersecurity and Home Security

So, in addition to looking at the insurance industry for a hint that borrowing the SaaS Good-Better-Best model might not be appropriate, you don’t have to look far to consider a better approach to cybersecurity packaging. Consider home security services. Instead of asking consumers plainly whether they want good, better, or best security, the packaging options are centered on “scope” (what do you want to protect) and “service” (how much work do you want to avoid).

Recommended Approach

The answer to smarter cybersecurity packaging is thankfully right under our noses. I’m sure you’ve heard of the NIST Cybersecurity Framework (CSF). If not, this framework is quickly becoming the standard for both explaining and architecting cybersecurity capabilities, and it is increasingly being used by cyber insurance providers to evaluate policyholders and determine premiums.

Simplify cybersecurity conversations using the NIST Cybersecurity Framework

Align your cybersecurity products and services to these five NIST CSF functions and now your customer can better understand the scope of cybersecurity and what they are choosing. Allow them to configure the protection that fits their risk tolerance.

  • Identify includes risk assessment, asset management, and vulnerability scanning to name a few.
  • Protect includes endpoint protection, access control, data security and more.
  • Detect includes logging, monitoring, threat hunting and detection.
  • Respond includes incident response planning, remediation capabilities, and forensic investigation.
  • Recover includes disaster recovery planning, data backup and restoration, and communication channels.

Don’t make it a “this or that” choice. That is too limiting when it comes to cybersecurity complexity and the variations amongst business IT estates. Instead, you could offer choices within each NIST CSF function. Within these single-purpose NIST CSF functions, it is totally practical to build out tiered choices based on size/scope of coverage or sophistication of solution.  

Give your customer the ability to customize their cybersecurity to fit their needs.

As a buyer, I can now begin to wrap my head around the cybersecurity functions I need from you and can choose the good-better-best levels within these areas based on risk tolerance and what’s a “best-fit” for my organization. It’s no longer an all-or-nothing situation where perhaps you’ve currently lumped all your truly recommended capabilities into the “BEST” option which the buyer perceives as overkill.

Expected Outcomes

Now that you haven’t boxed your customer in to choosing “good” cybersecurity or possibly “better” cybersecurity, but rarely the “best” cybersecurity, look forward to seeing more of those advanced cybersecurity functions going to work for your revenue numbers and your customers’ cybersecurity posture.

Flexible Offerings Require Flexible Solutions

I realize this is all well and good if your cybersecurity stack allows you to mix and match different solutions within these five NIST CSF functions. To make this practical and affordable, you’ll certainly need vendors and partners that allow you to flex scope and service on a per-client basis across things like endpoint protection, security monitoring, threat hunting, SIEM coverage, and more.

Contact Lumifi for a more flexible way to scale your cybersecurity services across your full range of customers. 

Make the Choice Simpler for Your Clients

Whether you use the NIST Cybersecurity Framework above or another, the important part is to help your clients make the best choice for them and to feel confident in their choice. Using a gap analysis is a great method to consult your client and help them make informed decisions.
