Do SMBs truly realize their businesses are at risk?

Objections to advanced cybersecurity protection tend to get complicated. From “we’re too small to be legitimate targets” to the tried and true “it’s too costly” comeback, sales teams are often forced to overcome a seemingly endless list of hindrances when pitching these vital services.

It’s not as if any business can afford to be caught without an effective cybersecurity program these days. The risks of litigation or fines for regulatory non-compliance are simply too big, and an increasing reliance on computer systems makes virtually every organization extremely vulnerable to hackers and other cybercriminals. One simple mistake could take down the network and significantly disrupt company operations ‒ maybe permanently.

Many SMBs still haven’t connected the dots. Whether they can’t comprehend the ramifications of their inaction or simply decided to hedge their bets and gamble with their company’s future ̶ the impact of a cyber incident could be devastating. The resulting damage caused to their infrastructure, company reputation, and bottom line could force them to close their doors like who would ever have thought that just one employee opening an infected email or using a weak password might be the root cause of a successful organization going out of business? To many, those prospects may seem far-fetched and a scare tactic that providers and vendors might use to sell more cybersecurity services.

MSPs understand those risks are real. The problem is getting clients to buy into those concerns ̶ not just with their minds, but with their wallets.

Connect the Dots

The best way to emphasize the dangers of lax cybersecurity to business leaders is to put a dollar figure on their own situation. Whether a breach or ransomware attack takes down their systems for an hour or a day, every decision maker should understand its financial impact.

MSPs who can calculate and convey those costs for each specific client have a greater chance of securing the business. At the very least, they’ll peak their prospects’ interest to engage in a meaningful conversation around downtime and cybersecurity.

Precision isn’t the objective. Some companies may not be willing to provide MSPs with detailed financial numbers to calculate downtime costs but knowing the prevailing wages and other local expenses should help you build fairly accurate estimates. The key is to spark their curiosity and, hopefully, incite discussions that drive new cybersecurity services contracts.

What costs should you factor into the downtime equation?

  • Calculate the total hourly wages of the company’s workforce including benefits and taxes. While employees may be able to perform some work activities without access to their systems and work data, this figure represents the worst-case financial loss situation. It’s a great starting point for your client cybersecurity conversations.


  • How could the organization’s sales be affected by a major incident? Cybersecurity is a particularly important factor for those involved in e-commerce or who receive orders via email and other forms of electronic communications. Lost or delayed information, or an inability to complete transactions, affects not only their bottom line but could negatively impact future sales and the customer experience.


  • Could cybersecurity failures impact your customers’ relationships with their current and prospective clients? Incidents that expose credit card and sensitive customer data can significantly damage an organization’s branding efforts and community standing. Substantial public relations and marketing investment may be required to help rebuild their reputation ‒ and there are no guarantees those activities will pay off.


  • Though it’s hard to measure, cybersecurity incidents often create stressful work environments, negatively affect morale, and increase employee turnover. Those costs aren’t easy to quantify but should be part of the conversation with clients and new business prospects.

The good news for MSPs? You don’t have to reinvent the wheel to approximate downtime costs. Several channel-specific resources are available, including the free Datto Recovery Time Calculator (RTO), a tool that providers can use to estimate the financial losses incurred when clients can’t access their business data. CompTIA offers a similar tool MSPs can access simply by registering on the association’s website.

With those numbers in hand, you can personalize the cybersecurity discussion for every customer and stand a greater chance of increasing the size of each deal. After all, the more they value their uptime, the easier it should be to sell them the services their businesses really need. Why settle for less when a few simple calculations can help you deliver the right support and secure larger contracts?

Of course, there is one caveat. MSPs will inevitably run into those price-conscious prospects who don’t see the value in the intangibles such as reputational damage or employee anxiety. Those individuals also tend to discount the impact a breach can have on sales and productivity.

No matter what the objection, calculating downtime costs allows MSPs to carry out more meaningful cybersecurity discussions and, with the right preparation, close larger deals. Connect the dots for your customers and prospects and enjoy the results!

Brian Sherman, Content Director, IoTSSA