How verticalizing your MSP is good for cybersecurity

| By:
Bob Gentzler

The coronavirus pandemic has dramatically exposed the risks and opportunities that managed service providers (MSP) wrestle with and reinforced the need to remain agile in our ever-changing industry. MSPs have impressively met the challenges and the accelerated digital transformation of many industries and a decentralized workforce. Some MSPs have concluded that diversifying the industries they serve reduces business risk. For example, if one of the industries they work with struggles due to any number of reasons, there are other strong industries they can lean on to make sure the MSP stays afloat. So, not having all your eggs in one basket, as the old adage goes. 

But is there an argument for staying in your lane and becoming an expert in one vertical? Yes, there is, and it especially affects the opportunity for MSPs in cybersecurity. 

Crises accelerate change and demand that our solutions improve the time to value for our clients. Research has shown that the companies that invest and capture market share during a downturn accelerate their own recovery and position in the marketplace. MSPs have a great opportunity to do that right now.  

Cybersecurity is at the forefront 

If we could choose a theme for 2021, it would most definitely be cybersecurity. It is in the headlines daily. Attacks are on the rise from many different bad actors; small-to-medium-sized businesses (SMBs) and the MSPs that serve them are vulnerable.  

We know from our Creating Opportunity from Adversity: The State of SMB Cybersecurity in 2020 report that 91% of SMBs would switch to a different MSP if they offered the ‘right’ cybersecurity solutions and that 86% of SMBs are prioritizing cybersecurity within their organizations.  

MSPs can no longer consider cybersecurity services an option; rather, they are a must-have. An MSP must first protect their own house and then be able to clearly articulate the value of enhanced cybersecurity to clients and prospects. And getting it ‘right’ is the key to new revenue and profits! 

As MSPs look for ways to position themselves as leaders (or at least competent) in the cybersecurity space, the question they need to constantly ask themselves is, “Does my strategy help my client succeed, control their business risk, provide security, and meet compliance demands?” It’s worth considering a vertical strategy. 

When an MSP verticalizes, they move further and further up the IT/Business value stack to become an expert in that space, allowing them to provide more and more value to their clients. Clients need and will pay for value today, more than ever before. 

With increased expertise comes deeper knowledge of compliance requirements, industry regulations, technology requirements, and tools that are purpose-built for that industry. In essence, as an MSP moves up the stack, they start to speak the client’s language. Once that happens, clients start to view MSPs as trusted advisors more than just a third-party vendor and will be more willing to pay for their services, as they will trust that MSP to keep their businesses secure and operational. An MSP that provides Reliable, Available, Secure (RAS) technology services to their clients is seen as doing it ‘right.’ 

Every industry has its own unique cybersecurity needs. Working with healthcare systems will have its set of challenges, while dealing with a bank or government agency will be a different animal. Manufacturers that work with the defense department or export within international laws demand and reward expertise. To truly get the needs of one specific industry, an MSP needs to be fully ingrained, trained, and knowledgeable in that area. 

Cybersecurity is primarily a business issue, not an IT issue 

To be honest, there’s a roadblock MSPs need to get around when it comes to talking about cybersecurity with clients. There is an old saying, “There is margin in mystery.” We (me included) have promoted that we understand technology and that the client can trust us to “Make IT work.”  

The problem is, many SMBs assume that their MSP has them covered. In their minds, paying an MSP for IT services is synonymous with getting all the cybersecurity protection they need because it is an “IT issue.” I talk to MSPs regularly that are faced with very uncomfortable (or worse) conversations with clients that have been breached at no fault of the MSP. So, first and foremost, MSPs must have those hard conversations with their clients about what the risks are to make it clear what is covered, what risk the MSP assumes, and what remains the responsibility of the client. After all, what the client doesn’t know can and will hurt them and the MSP. This hard conversation is made much harder if the client is in the midst of paying to clean up a mess, deciding whether or not to pay a ransom, or dealing with unhappy clients and regulators.  

The second issue arises from the fact that SMBs are always more willing to pay for someone to help them grow their business rather than someone who will help them stay secure. The challenge here is to get SMBs to understand that by focusing on cybersecurity, they will, in turn, be able to successfully grow their business. That connection is very difficult to make if you don’t understand their industry. Being secure improves their brand and can differentiate them from competitors. 

MSPs need to be able to articulate the value of being more secure. Show clients the costs that come with ignoring cybersecurity. There are business risks that come with downtime caused by various factors, and there are huge costs associated with business email compromise, ransomware, and other cyberattacks. 

But then there’s also the perceived risk that clients and prospects weigh when they consider giving an MSP their business. The same is true for the clients’ businesses. If an MSP has a reputation for supporting client’s businesses and keeping them running smoothly and securely, that will result in more business for that MSP. An MSP can also help their clients articulate their own improved security to their customers, resulting in more business to them.  

By mitigating risk and putting a cybersecurity lens on everything, not only is an MSP investing in their own growth, but they will be helping their clients grow as well. There’s incredible value in that.  

Verticalizing still has plenty of value 

To sum up, even though COVID-19 showed the benefits of diversifying during unprecedented and unpredictable times, staying in one’s lane and truly becoming an expert in one’s space can have a tremendous payoff for both the MSP and their clients and accelerate growth as we come out of the current environment.  

This may require a shift in strategy and a plan for how to operate with a cybersecurity focus, but it’s all about long-term goals, right? If an MSP wants to grow and evolve, they need to be fluid and adaptable, and verticalizing may be a smart way to do that.