Making money in managed services is often like walking a tightrope. Profit margins can be tight. A Service Leadership INDEX survey found an MSP's average profit margin is 8%. "Best in class" MSPs can have margins of 18%. The question must be, how do some MSPs keep healthy profit margins while others are cut to the bone?
SMBs often see cybersecurity as a "nice to have," something they may be able to do without. That is, until the worst happens. As captured in 2023 IBM research, the average cost to an SMB of a cybersecurity breach is $3.31 million. Many small companies go under because of data breaches or ransomware attacks, so they must have access to cost-effective and robust cybersecurity solutions.
So, how can an MSP convince its clients of the importance of cybersecurity measures while maintaining a healthy profit margin? TitanHQ explores what kills profits and how to beat the margin killers.
What are the Five Most Common Margin Killers?
Focusing on where profits are typically lost gives an MSP the means to control those errant costs. Here are our five margin killers and how best to overcome them to move beyond the competition.
Lowballing
We all love a bargain, but sometimes cheap really does mean poor quality. When you choose to represent a cybersecurity solution, make sure it is the best-of-breed at an affordable price. Poorly designed and developed cybersecurity solutions will result in security gaps in your clients’ cyber defenses. Cybercriminals are innovative and regularly develop new evasion techniques. Cybersecurity solutions must be updated periodically to keep ahead of the threat landscape. When evaluating a cybersecurity solution for your client base, check out the track record of capturing threats like phishing. Does the solution use advanced technologies like AI and Natural Language Processing (NLP) to help detect emerging and zero-day threats?
By choosing a cybersecurity solution wisely, you can build a resilient tech stack to keep your customers secure and compliant. Happy customers tend to renew contracts and may buy more products from a trusted MSP.
The Seamless Upsell
So, your customers love your cybersecurity solution, but how do you create that seamless upsell?
An MSP must work to build an outstanding security stack that provides comprehensive and layered security. Creating a unified security offering will bring customers back for more if they trust your choices and know that integration with existing productivity, communication, and collaboration apps is seamless. When building your security stack, look for solutions in core areas to cover the multi-layered security your customers require. Here are some ideas for building comprehensive security offerings that secure the mainstays of cybercrime – communication methods like email and the human factor:
Email Security: As email is the number one vector for cybercriminals, offering a unified approach to email security is essential. Choose email protection technologies that integrate with common business platforms, like Office 365, to protect against phishing, spam, social engineering, and malware. Add email encryption and data policy enforcement to your portfolio to ensure that data loss prevention (DLP) is offered.
DNS Filtering: Spear-phishing emails and spoofed branded websites are behind many cybercrimes, including data theft, credential theft, and ransomware infection. To stop a cyberattack, this cycle of phishing emails, the urge to click, and malicious websites must be broken. A DNS filter breaks this cycle, providing an essential layer of protection.
Email Archiving: Many of your customers will be subject to regulations that mandate the use of email archives. Others will require a way to archive emails to ensure they have evidence in the case of legal disputes. Adding email archiving to your portfolio extends your security reach, providing additional sales potential.
Security Awareness Training: The human factor in cybersecurity risk is well-established. An MSP that can offer security awareness training to its customers rounds off a comprehensive security offering. Some security awareness training packages, like SafeTitan, are designed to be deployed and managed by an MSP. SafeTitan has a simulated phishing platform to train your customer’s employees to identify phishing emails.
Any solution added to your security stack must be unified and integrated. If you offer a comprehensive solution suite that works for you and your customers, you will likely make upsells and continue contract renewals.
Read more: “MSP Training for Security Awareness.”
Time-Wasting Solutions
Having a comprehensive security stack is great for business; what is bad for business is managing time-wasting solutions. Some solutions are just hard work. Security gaps can appear if a complex solution is set up and managed. A whopping 64% of organizations have experienced data breaches due to misconfigurations in the cloud. NSA and CISA Hunt and Incident Response teams list the top 10 most common network misconfigurations. These include default configurations of software and applications, improper separation of user/administrator privilege, and poor patch management. Poorly designed cybersecurity solutions could end up costing you a good profit margin and creating unhappy clients.
Choose a solution to add to your comprehensive security stack that is easy to use and designed specifically for an MSP to deliver and manage. Advanced security solutions, like those from TitanHQ, are designed to make the life of an MSP easier. Our solutions are cloud-based, centralizing, roll-out management, and easy tech stack integration. TitanHQ’s MSP program equips your company with the tools to protect your clients while ensuring your management and maintenance overhead is minimized.
Read more: “5 Essential Factors MSPs Need to Consider When Choosing a Security Platform.”
Client Management
The MSP-client relationship is as meaningful as your technology offering. Unmanaged customer relationships can become costly quickly. For example, is a customer taking time to give you essential details to deploy a solution? Could you speed up the process? Are customers asking for more than their contract stipulates? Contract bloat is a costly business that can see an MSP working for nothing. Ensure that your customer service level agreement (SLA) contains all potential additional costs for addons and charges for unexpected tasks. Train your employees to manage customer relationships and ensure they follow the contract.
Market Like a Pro
MSPs are in a highly competitive market. The MSPAlliance has identified around 150,000 MSPs globally. You need to develop an effective marketing strategy to stand out in the crowd. Build a marketing and sales strategy that educates and informs your current and potential clients about cybersecurity risks. TitanHQ's blog contains lots of information about the dangers of cyber threats to an SMB. Using research and writing skills, you can create informative and engaging newsletters and blog posts that help educate your audience.
Importantly, choose a vendor, like TitanHQ, that will commit to helping with your marketing.
Another area that can help win clients is having a content strategy optimized for search engines. Using SEO wisely can provide effective marketing at a low cost.
Watch our recent webinar on: “How to Use SEO to Grow Your MSP Business.”
An MSP may be in a highly competitive field, but the MSP that controls costs and maximizes profits will stay ahead of the game.
To help build a successful cybersecurity tech stack, check out TitanHQ’s MSP First Partner Program.