Kaseya Connect: How MSPs Can Make Money on Cybersecurity Services

KASEYA CONNECT — MSPs at this week's Kaseya Connect shared strategies for increasing revenue from cybersecurity services, which can be challenging, even when their customers realize its importance.

A recent Canalys poll found 71% of partners make gross profit from cybersecurity managed services, but only 24% make more than 40% gross profit. Canalys said one in four (25%) partners struggles to profit from managed services. The analyst firm blames poor pricing, product strategies and cost overhead. In short, MSPs are charging too little and paying too much in service delivery costs.

In an MSP panel on “What It Takes to Succeed (for Business Leaders)” at Kaseya’s Las Vegas conference, the MSPs revealed methods they use to convince customers to spend appropriately on cybersecurity.

“Ask your customers if they have health insurance,” said Tim Conkle, CEO of The 20 MSP. “Ninety percent of them have health insurance, right? Because health can bankrupt you. I used to say health insurance is the one thing that can bankrupt what you spent your whole life building. But that’s not true anymore. One security incident can bankrupt your company."

IT Voice CEO Will Slappey said his company has adopted an auto-enroll program for security. When a new security tool comes out, IT Voice enrolls customers, gives them 90-days notice and allows them to opt out. Slappey said only 3-5% of his customers opt out.

Related:Kaseya’s Voccola: MSPs, SMBs Must Take Cybercrime, Compliance Seriously

“It’s amazing what happens when you reposition a customer’s decision to opt out versus opt in,” he said.

That low opt-out number shows that MSP customers consider cybersecurity services important, and are willing to pay.

“Back in the day, security was in the back end of the sales cycle; you were leading with support,” Slappey said. “Now security is on the front end of the sales conversations."

StoredTech CEO Mark Shaw agreed.

“Years ago, you didn’t think twice about security. Now it's critical; everybody’s always asking about it,” he said.

He said security can be tricky because states have different regulations. As an MSP that operates in multiple states, StoredTech has adopted security rules required in New York everywhere else, too.

Cybersecurity Services Can Face Regulatory Restrictions

“New York is pretty tight on cybersecurity,” Shaw said. “So we basically have taken the hardest state that we work in [as a model]. If you're a multi-state MSP, I think it's probably a good idea to take the hardest, most restrictive requirements for security and then apply them overall, regardless of what state you’re in.”

Related:MSP M&A, IT Glue Have Their Day at Kaseya Connect 2024

Shaw said he has started an insurance agency to sell MSPs cyber insurance.

“So we'll be able to go from our MSP to our family of companies to pick up the cyber insurance,” he said.

Kevin Damghani, IT Partners+ CEO, said the stakes are higher than ever for SMBs. (IT Partners+ was No. 52 on the 2023 Channel Futures MSP 501.)

“When you think about 10 or 15 years ago, the average MSP customer with 10, 15, 20 seats, if they were down for two or three days, they could still operate,” he said. “It would be an inconvenience. Now today, if you see you’re going to be down two or three hours — you say, ‘absolutely not.’"

While some of the MSPs said it was harder to get existing customers than new ones to pay for more security, Conkle said he found it the other way around.

“If you keep a good relationship with your customers, they expect you to come in and say, ‘Hey, there are some new threats,’” he said. “I promise you MGM [site of the conference and victim of a 2023 hack] would have loved if somebody walked in and said, ‘Hey, we see a threat in your business that will cost you 100 million bucks.’”

The MSPs shared other ways to improve profit, such as not overspending for tools and using AI and automation wherever they can.

“The kit is super important, but not so important that people should forget about the business side of the business,” Conkle said. “Most MSPs are engineers; it's OK to be an engineer.  But your tool should not be the thing that drives the business. If you say, ‘I wouldn't change my tools no matter what happened,’ you need to hire a CEO, or somebody who knows numbers.”

Related:Kaseya 365 Subscription for MSPs Makes Its Debut

Shaw said MSPs shouldn’t get infatuated with the latest technology.

“We have to realize at the end of the day, that kit is a kit,” he said. “Stop treating it like, 'I have to chase the next big product and the next big thing,' and fundamentally understand what works for you, and how you can deliver using that.”

The MSPs agreed that automation can help save money on tasks like billing and ticketing.

“It starts at billing automation,” Damghani said. “If you're talking more about AI and machine learning, you're looking at things like business analytics. You will be able to interpret your numbers even deeper so you can now start analyzing so many other paths and avenues that you couldn't before.”

“Automation is the gift that keeps on giving," Conkle added. "If you can automate billing, and it goes from three people doing it to one, you just sent money straight to the bottom line. Automation is a one-time cost that returns exponential return.”