Back to Blog

Selling Cybersecurity to SMBs [2020 Guide]

Parker Byrd

Selling cybersecurity products and services should be an easy sell to small-medium business clients. After all, they are the target of most ransomware attacks. But these services are often hard to get customer buy-in for a few reasons:

  • Your existing customers just don’t want to spend anymore money
  • The services were positioned wrong, and didn’t make sense for the customer
  • Most prospects see it as a cost center rather than an investment
  • They just aren’t convinced they need it

When you can properly position cyber security products, it can not only increase your monthly recurring revenue (MRR), but it can be the driving force to get you new clients. Here are a few tips to position and sell security products to SMBs.

New call-to-action


The small business world is massively under-educated in the world of cyber threats. Because of this, they often have large vulnerabilities within their organization. This is where you come and educate them about what’s out there and how they can stay secure. You’re not pushing product, but purely educating. Not only will it delight your customers, but it will give you massive ROI downstream. Educate your audience, and they will naturally gravitate toward you.

One quick thing, though. Don’t “techsplain”. Your job isn’t to explain how amazing your technology is or walk through the detailed features of your services. Your job is to story-tell. When talking about cyber security with a project you’ll likely hear things like:

“I’m not a target”

“I already have a firewall and anti virus”

“My employees aren’t going to click on a phishing email”Y

ou can overcome these objections by storytelling. Show the business impact of cybersecurity, or lack thereof. Tell the story of the situation, impact and resolution of cyber threats. When you position people over systems and help create best practices, you’ve built trust and the products are a much simpler sell.

Another way to educate and build credibility is by providing case studies from other clients. First, approach an existing client that got real results from your services or a brand new client who’s excited to get started. Then, ask their permission to share that information and even cooperate in building the case study. You could even offer them a discount for doing so.Real proof of your service is better than anything you could ever say.

Provide Value

Similar to point #1, your job as an MSP or VAR is to provide tons of value to current and future customers. This is can be in many forms: blogs, ebooks, presentations, social media, videos, and more. You’re responsible for helping them discover overlooked areas or misunderstood threats within their company. This aspect has massive implications on the future of your business.

To scale back and think about this, let’s take 2 cleaning companies, for instance.

Company A has little online presence and a simple website featuring a form to order a cleaning, and not much else. They were told to create a blog. They said “And what, teach people how to clean their house?! We want them to pay us for that!”

Company B has a blog and distributes the articles on social media. Articles such as “How to remove stains with items you probably already have” and “Best cleaning products when you have a newborn”. They get exponentially more traffic, and in turn more business.

These are real companies. Company B cleaned my house recently more than a year after I read an article by them.

Providing value builds trust and wins customers. Simple as that.

Now, take that example, and see if you can apply it anywhere within your organization.

Put yourself in their situation

When selling cybersecurity products, think about your customer. What’s important to them? What is the information they need to make a smart decision for their company?

Often times, the person you’re talking to doesn’t care about flashy tools, they care about results. You need to make a business case for their success.

Also, avoid fear as your driving factor. Position the relationship as a consultancy, rather than shoving fear, uncertainty and doubt down their necks.

This is most important when explaining cost. If you can help SMBs operate more effectively and efficiently with cybersecurity, you can make a real business case that’s worth the dollars.

Know how to Bundle

As a manager of several different services, you have a lot of different things to offer. It can be tempting to bundle every security product together and call it a day. But businesses are all different.

Rather than creating a one-size-fits-all security product, know how to evaluate their needs and bundle together a suite of services that works for them.Making the right vendor partnerships is paramount in this as well. Good vendors will work with you to best position their services for each situation.

Measure and Deliver results.

So you’ve made a sale, you’re bringing in MRR, and you’re feeling good. But you forgot about the first “R” in that acronym: Recurring. If your clients aren’t seeing or understanding the results, they may question their purchase. After all, “nothing happening” is the best case scenario for most security situations. How can you take credit for nothing?

Proper reporting and communication is so important to keep a cybersecurity relationship healthy. Show the value in what you’ve done, and deliver results that make sense for the dollars they spent. Use the storytelling skills you’ve already acquired for this.

“I don’t even have any leads. How do I start selling?”

If you haven’t started having the cybersecurity conversation yet, you can start with a few things.

For existing customers, approach them with case studies and a business case that makes sense for them. If you’ve been solving their problems for a while, they should trust you, and helping create fewer problems is a natural progression for the relationship.

If you’re starting fresh and looking for new customers, start with a combination of points 1 & 2. Create valuable, educational content in the form of ebooks and reports, and use these as lead generation tools.

Selling cybersecurity to SMBs comes down to positioning your service in a way that makes sense for your customer. It has to make sense financially, and frankly they need to know what you’re talking about. Meet them where they are and build trust, and you’ll start seeing cybersecurity as the highest source of MRR in your company.

Sign up for our  newsletter

Get Free Exclusive Training Content in your inbox every month

Share on social media: 

More from the Blog

Never miss a post.

Enter your email below to be added to our blog newsletter and stay informed, educated, and entertained!
We will never share your email address with third parties.