How MSPs Can Communicate the Value of Cybersecurity to Their Clients

This is an excerpt from a recent podcast interview between Troels Rasmussen and Pete Roythorne.

For many Managed Service Providers (MSPs), one of the biggest challenges is not just delivering exceptional cybersecurity services but communicating their value to clients. Despite the rising tide of cyber threats, end customers often view cybersecurity as an IT problem rather than a business necessity. In a recent podcast I talked to Troels Rasmussen, MD of Security at N‑able, about how he believes this mindset must shift: «What has changed or needs to change if companies haven’t gotten to it yet, is that [cybersecurity is] a core tenet of having a resilient business,» explained Troels.

It’s no longer enough for MSPs to simply provide security services. They must also educate their clients on why these services are essential to the survival and success of their businesses. Many customers don’t realize the potential costs of a cyberattack—not just in terms of data loss, but in downtime, legal liabilities, and reputational damage. Troels emphasizes that cybersecurity should be seen as an integral part of business operations: «If you don’t have the right security posture, you’re setting yourself up for a potential extinction event» he adds.

The Disconnect Between Cost and Value

One of the most significant hurdles MSPs face is helping their clients understand the cost-benefit equation when it comes to cybersecurity. Many businesses, particularly SMBs and SMEs, see security as an optional or secondary expense rather than a necessity. «People will always try to rationalize costs,» says Rasmussen, “and this mindset can often lead businesses to seek the lowest-cost solutions.”

However, Troels argues that MSPs need to encourage their clients to think beyond the immediate price tag and consider the long-term impact of inadequate security. He suggests reframing the conversation to focus on the potential costs of not investing in proper security measures. «Ask clients how much it costs them to be forced out of business for an hour, a day, a week,” Troels explains. “This will help you understand their willingness to pay and highlight the value of not going out of business.»

MSPs can use this approach to communicate the risks and the financial implications of downtime, data breaches, and recovery efforts. By helping clients see security as a critical investment rather than an avoidable cost, MSPs can position themselves as trusted advisors, not just service providers.

Changing the Mindset Around Security

Another thing that MSPs battle with is getting passed the traditional mindset that security is solely an IT issue—this is both outdated and dangerous. In reality, cybersecurity is a business-wide concern that affects every aspect of an organization. As Troels explains, end customers must take ownership of their security posture: «Security has been historically perceived as an IT problem,” he says. “It isn’t something you ask a person to go solve, and you as a business owner have a stake in it whether you want to or not.»

For MSPs, this means educating clients about the shared responsibility of cybersecurity. It’s not something that can be outsourced entirely—business leaders must be involved in making decisions about their security posture, just as they are involved in other critical business operations. Troels likens it to other essential business protections: «It’s like you do your insurance, your pipeline planning… What happens if your product facility shuts down? It’s the same with security,» he says.

This analogy can be a powerful tool for MSPs when discussing security with clients, especially those in industries where business continuity is paramount, such as manufacturing or healthcare. By comparing cybersecurity to other forms of insurance or risk management, MSPs can help clients understand its importance as a strategic investment.

Overcoming Cost Objections

Cost is often the biggest sticking point when discussing cybersecurity solutions with clients. Many SMBs are hesitant to invest heavily in security, especially if they haven’t experienced a breach themselves. Troels acknowledges that people often try to nickel-and-dime security services, but he warns against this mindset: «Trying to save 50 cents on your coffee versus getting a better rate on your mortgage—that’s what it’s like when clients try to rationalize IT costs especially security spend,» he says.

To overcome these objections, Troels suggests focusing on the bigger picture. MSPs should help their clients see that cutting corners on security can lead to far greater expenses down the line, especially in the event of a breach. By emphasizing the long-term benefits of investing in high-quality security services, MSPs can help clients avoid the false economy of saving money on security only to face much larger financial losses due to a cyberattack. MSPs should position themselves as trusted advisors, helping clients understand the risks of underinvesting in security and the value of resilience.

Communicating Proactively, Not Reactively

Another challenge MSPs face is that many clients only realize the value of cybersecurity after an incident has occurred. In these situations, clients are often willing to pay for robust security services—but by then, the damage has already been done. «When they’ve been through a breach, they’re usually very willing to pay. The challenge is getting them to do that beforehand,» he concludes. «The reality is that the multiples on solving things after the fact are way higher. The cost of incident response, forensics, and recovery is far greater than the cost of proactive security measures.”

To avoid these reactive situations, MSPs must be proactive in their communication. They should regularly assess clients’ security posture and provide clear, actionable recommendations on how to improve it. By offering continuous education on emerging threats and evolving security standards, MSPs can help clients stay ahead of potential attacks and build a more secure environment.

Additionally, MSPs can use real-world examples of businesses that have suffered from cybersecurity breaches to illustrate the consequences of not investing in security upfront. These case studies can help clients understand the risks they face and why proactive measures are essential for protecting their businesses.

MSPs as a Trusted Partner in Security

For MSPs, communicating the value of cybersecurity to clients is about more than just selling services—it’s about helping clients understand the role of security in safeguarding their entire business. As Troels explains, «Cybersecurity is not a one-and-done—it’s an ongoing process. MSPs must emphasize that investing in cybersecurity is not just about preventing breaches but about ensuring long-term business resilience and continuity.”

By focusing on the potential costs of inaction, reframing cybersecurity as a critical business function, and proactively educating clients, MSPs can help their clients see the value in building a robust security posture. This approach not only leads to better client outcomes but also strengthens the MSP’s position as a trusted partner.

To explore more strategies on how MSPs can effectively communicate the importance of cybersecurity, listen to the full podcast episode featuring Troels for expert insights and practical advice.

Beyond the Horizon, Episode 11: Building Resilient Businesses: The Critical Growth Areas of Security for MSPs

• Listen on your favourite streaming platform: click here
• Watch on YouTube: click here

Pete Roythorne is Senior Brand Editor at N‑able