quarterly business review

The QBR as an MSP security sales tool

Print Friendly, PDF & Email

One common mistake MSPs make is assuming that their customers don’t want to hear from them. After all, they’re paying you to keep their IT running so they can be more productive, so, if they have a problem or a question, they’ll call, right? Not exactly. What typically happens is that when a client doesn’t see or hear from their MSP, they wonder, “Why am I paying this company a monthly fee when I rarely have problems?” Before long, the client may begin questioning the value of the relationship, and so begin the conversations about discounts or even shopping for a cheaper provider.

One of the best remedies to the scenario described above is a quarterly business review (QBR).

QBRs allow MSPs to highlight everything they’re doing behind the scenes to keep their customers’ IT running smoothly. In addition to using QBRs to provide an overview of past performance and incidents, they also create an excellent opportunity to help your clients develop strategic plans for the future.

Show clients how their security posture compares to their peers

MSPs can use QBRs to explore emerging needs and business opportunities with their clients, but it’s also a good time to assess the security posture of their IT infrastructure, networks and applications.

It’s vital to come to these meetings with data—not just data related to security incidents or attacks mitigated, but also industry-wide data about the current threat landscape. Using service ticket information from your PSA (professional services automation) tool can help lay this groundwork.

Next, provide an assessment of the strength of your client’s current security framework, along with recommendations for improvements. That should include an overview of obsolete systems and hardware, as well as a high-level evaluation of potential weaknesses, such as out-of-date security software, or unsecured devices or network access points. If you don’t have visibility to specific systems, offer your client a more comprehensive security assessment to provide a complete overview of where they are with security and where they need to be. Many clients use various networks and applications deployed in an ad hoc manner without a central, guiding view of their security. MSPs can provide a way to wrangle these disparate systems into a coherent security framework.

The MSP should also provide an overview of their security offerings and show how they can create a multi-layered approach to security. This should include discussions around the following threat vectors:

  • Network
  • Email
  • Web applications and cloud-based services
  • Remote access
  • Mobile devices
  • Humans

Explain that the weakest links in any security framework are employees who may be unable to identify phishing emails and other types of attacks. Ask your customers about any security awareness training they’ve done in the past. This conversation could lead to an opportunity to promote your training services, incorporating tools such as phishing simulators to help identify employees who need additional training.

Again, make your case with data. Leverage statistics from customers who are already using your security services and tools to demonstrate how the prospective client could increase their effectiveness when it comes to identifying and stopping threats. It’s also essential to show them the actual costs incurred from a network outage or data breach, as these figures can range broadly from company to company.

A security-focused QBR should conclude with concrete recommendations that will help your company meet the client’s security goals. You can prepare a list of recommendations in advance, but be prepared to amend the list to reflect client priorities that may come up in the QBR discussion.

Closing thoughts

While QBRs are often focused on past performance, they’re essential tools for discussing forward-looking strategies and priorities with your clients. These meetings also can play a crucial role in expanding the relationship, continuously improving security, and reducing risk.

Even clients that are already accessing your full suite of security offerings should receive a regular update on:

  • Existing/emerging threats
  • Specific details about how your company is managing those threats
  • Any updates that might be necessary to address the shifting security landscape.

Leverage monthly newsletters and social media to provide more frequent touchpoints with your clients. The key is to continuously demonstrate your company’s value and look for opportunities to increase your value over time.

Scroll to top
Tweet
Share
Share