The Role of Security in the Sales Process

It is no secret anymore that the number one reason customers leave their current IT provider is due to a security issue. Therefore, as we are prospecting for new customers a good percentage of them will be looking for a more security conscious managed services provider (MSP). For this reason, our approach to selling IT services needs to be more security focused than ever.

Here are some key tips on how to structure your sales approach to give it a security angle.

Scenario #1: Prospect has not had a bad security experience yet

In this scenario, getting the prospect to be aware of the threat is paramount. Statistics and stories that showcase similar businesses in peril do well to set the stage. The bottom line is that you need to make sure they understand the threat is real and how much it could cost them. At this point some of you are probably wanting to comment about the ethics of fear-based selling. While I am not a proponent of fear as a selling tactic, there are legitimate risks that every small business must be aware of or it could quite easily cost them their livelihood. Presented in a factual way, it becomes less about using fear as a tactic and more about providing a consultative approach. Make sure you let them speak along the way so that you can hopefully pick up on their largest concerns. Doing this allows you to address those items in detail in your presentation.

Scenario #2: The prospect has already had a bad security experience

This one is a bit easier because if they already understand the threat and the risk they do not need to be convinced. The key here is to listen first. Do not assume that you know what they have been through. By listening to their story, you will assuredly pick up which pain points were their biggest concerns so you can address them specifically when you begin your pitch.

The presentation: How to present a security-forward sales pitch

As usual, remember to present benefits rather than features. Only a handful of prospects will actually understand your features. When explained in the context of how they prevent the risks mentioned above, they can apply those features to their needs. You can frame a presentation around the three key ideas of prevention, remediation, and recovery.

• Prevention is all of the proactive services you put in place to prevent threats from breaking in. This includes user education, firewalls, web filtering, email filtering, and patch management to name a few.
• Remediation is what happens when something gets in. Managed antivirus and endpoint detection and response (EDR) are the prime components of this more reactive component.
• Recovery is the final layer of security. When all else fails, how are you going to restore a customer from a devastating breach, hardware failure, or catastrophic event such as fire or water damage.

Presenting within this framework shows prospects what you are prepared to do—not only to prevent a threat from affecting their business but also in the event that it does. Most security experts agree that it is not a matter of if, but when a business will have some type of security breach. Because of this, it is extremely important that remediation and recovery be part of your security offering.

The close: Never forget to ask for the sale

Yes, I know it sounds cheesy, but so many of us have done a great presentation and then simply asked the prospect what they want to do. As an expert, it is up to you to tell them what they should do. Once you finish with the presentation, ask a few probing questions, like:

• How much would it cost them to be down for a day? A week? A month?
• Do they have access to customer data like credit cards, health information, etc. that could be stolen and used against their customers? What do they think the liability is if they are breached?
• Are they a vendor with access to the systems of other businesses? What do they think the liability is if those businesses are breached by way of their business?
• What is their tolerance for risk?

Once you have had a conversation around these, present your plan of action. Most likely you are not prepared on the spot to present them with a quote so you must determine the call to action appropriate for this point. If you have enough information to start preparing a quote, schedule the next meeting to present a quote. If you need to do some basic reconnaissance of their systems first, schedule that. Whatever you do, always ensure you have a concrete next action that will move the process forward.

Security is no longer the luxury add-on as it was previously. The most likely threat to a business is no longer hardware failure, fire, or storm. The threat will most likely come from an outside actor, an internal employee, or vendor with access to their systems. It is for this reason that security must be a primary concern and is absolutely vital to business continuity. It is your job as IT service providers to educate the owners and decision makers of these threats and more importantly how you can mitigate those risks.

Eric Anthony is principal of customer experience at SolarWinds MSP. Before joining SolarWinds, Eric ran his own managed services provider business for over six years.

You can follow Eric on Twitter at @EricAnthonyMSP