Today’s work-from-home environment has
created an abundance of opportunities for offering new cybersecurity services in
addition to your existing business. With cyberattacks increasing in frequency
and sophistication, business owners and managers need protection now more than
MSPs are ideally positioned to deliver the
solutions businesses need in order to adapt to the current environment. In this
post, we’ll briefly summarize four ways to fine-tune your cybersecurity GTM
strategy for capitalizing on the shifting demands of today’s market.
A cybersecurity GTM strategy is not a one-size-fits-all
proposition. Each customer has unique needs. Some operate with higher levels of
remote workers than others. Some may have more sensitive data than others. And some
will have lower tolerances to the financial impact of a data breach than others.
So, understand the current state of your customer’s ability to adequately
protect against, prevent, detect and respond to modern cyberthreats, and then
focus on what aspects of cybersecurity are important to them.
Today’s businesses need a cybersecurity
strategy that defends against the methods and vectors of attack employed by
today’s cybercriminals. This includes highly deceptive and effective tactics
like Ransomware, phishing and business email compromise (BEC). These methods
require a layered approach, where each layer addresses a different vulnerability
within the larger network topology:
- Perimeter – This is the
logical edge of your customer’s network where potentially malicious data may
enter or exit. Endpoints (wherever they reside), network connectivity points,
as well as email and web traffic all represent areas that may need to be secured.
- User – The
employee plays a role when they interact with potentially malicious content. They
can either be an unwitting victim or actually play a role in stopping attacks.
This makes it necessary to address the user as part of your GTM strategy.
- Endpoint – Consider
the entire range of networked devices, including corporate and personal
devices, laptops, tablets and mobile phones. Every endpoint needs to be
- Identity – Ensuring
the person using a credential is the credential owner is another way to keep
- Privilege – Limiting
elevated access to corporate resources helps reduce the threat surface.
- Applications – These are
used to access information and valuable data. So, monitoring their use by those
with more sensitive access is critical.
- Data – inevitably,
it’s the data that is the target. Monitoring who accesses what provides
additional visibility into whether an environment is secure.
For each layer, there’s a specific tactic or
vector that can form the basis of an attack, as well as specific solutions that
address vulnerabilities at that layer.
Pricing can make or break a managed service.
Too high and the customer is turned off. Too low and there’s not enough
perceived value. Pricing is the Goldilocks of the MSP world. It needs to be
Unlike most of your other services,
cybersecurity is a constantly moving target, which can make pricing a
challenge. After all, a predictable service offering equates to a profitable
one. The unpredictability of trying to keep your customers secure can therefore
impact profitability. So, it’s imperative that you get pricing correct. Your
pricing model needs to address a few things:
- It needs to
be easy to understand – Like your other services, pricing should be straightforward.
- It should demonstrate
The customer needs to see how the service justifies the expense.
- It needs to
focus on protection – Because you have no ability to guess the scope and
frequency of attacks, it’s important to keep the services centered around
- Consider all
your costs – Cost is always a factor for profitability. As you
determine pricing, keep every cost factor in mind.
Assuming you’re going to be looking for new
customers with this service offering (in addition to selling it to existing
customers), it’s important to think about how to engage prospects. The days of
cold outreach are long gone as 90% of buyers don’t respond to cold calls3. Instead,
today’s buyer is looking to establish connections with those they believe can
assist their business. Social media sites have become the primary vehicle for a
number of aspects of the buyer’s journey:
The biggest challenge with bringing a
cybersecurity service to market is meeting the expectations of the prospective
customer. Demonstrate value from the very first touch through social media engagement
and content. Meet their unique needs with comprehensive solutions that address all
their security vulnerabilities. And finally, make sure your pricing is simple,
straightforward and easy to understand.