IT Security: Find Profitability in a Service No One Wants to Use

No one likes paying for things they hope they will never use. Whether it’s car insurance or fire alarms or life vests, our objective is to let those items collect dust, because the alternative means something bad has happened. IT security is no different.

No organization wants to be hacked, unauthorized access is never fun, and we all wish the only phishing activities we’d witness was a jam band from Vermont. But just as it would be irresponsible to hit the high seas without enough life jackets for everyone aboard, it’s equally foolish and shortsighted to leave the virtual gates of an organization’s computing environment unguarded.

And there is much to guard against these days. Bad actors are pummeling the IT infrastructures of companies of all shapes and sizes. They test and probe for weaknesses to exploit. Once inside they can wreak havoc, steal data, cripple essential systems and literally hold organizations hostage.

The cost of cybercrime-related damage is expected to reach $6 trillion in 2021, doubling the annual bill for such activities since it hit $3 trillion in 2015. Data breaches via hacking, malware, phishing, and social engineering are rampant and increasing, with billions of records, passwords, credit card numbers, and more being divulged or sold on the dark web.

Simultaneously, existing and newly introduced regulations are raising the bar on how companies that collect and store personal data handle and protect it. From GDPR in Europe to the California Consumer Privacy Act, management and safekeeping of personal information is a more difficult and onerous proposition than ever before. The stakes couldn’t be higher.

These paradigm shifts are driving worldwide spending on preventative measures to reach more than $130 billion by 2022. And while CIOs may be reluctantly allocating these funds and executive teams grudgingly approve them, investing in IT security has moved from optional to recommended to mandatory in short order.

Capitalizing on the Opportunity

For MSPs, this adjustment in market conditions requires a corresponding switch in how they approach their own customers and targets. Their sales strategy and messaging may have once focused on topics such as endpoint management and cloud migration, tacking on security services as an ancillary afterthought.

But, today, keeping data safe and being able to recover from a data breach or cyberattack-driven outage may be more top-of-mind for buyers than ever before. It’s a prime opportunity for MSPs to lead with security rather than relegating it to the tail-end of the sales cycle.

MSPs are uniquely positioned for this moment. Organizations considering outsourcing any aspect of their IT know cybersecurity is a vital issue for their survival, and they also likely realize they’re ill-equipped to handle this challenge on their own.

As trusted advisors, MSPs can educate customers and prospects on which defenses they should (if not must) put in place to adhere to applicable regulatory requirements and properly prepare for inevitable attacks. Fortifying these firms for 21^st century threats isn’t just a value-add; it can be the primary reason for engaging with an MSP.

To fully monetize this moment, MSPs must stop thinking of cybersecurity as a bonus revenue opportunity and begin considering it a vital pillar of their profitability. It is a premium service that in many ways offers a bigger ROI to customers than anything else in an MSP’s portfolio, given the possibilities of hefty fines, ransoms, or lost business that could accompany a breach or denial of service attack.

And while this may not have been the original business MSPs thought they were getting into, it’s the business they’re now in. Like it or not, you can’t effectively manage an organization’s IT needs without taking on