Complete IT had been aware for some time that it needed to place a greater emphasis on cybersecurity. Whether or not it offered security services, it would still be held accountable if one of its clients experienced a breach.
“Unfortunately, in this day and age, when something does go wrong, the MSP is going to be in the hot seat for not doing more,” Scott said. “The client says ‘no one told me any of this.’”
Complete IT did offer risk assessments—but only as part of its most expensive security packages. That meant that only a small percentage of clients had access to this valuable offering. And since they couldn’t get a risk assessment through Complete IT without paying for other premium services that they may not have needed, the chances were high that they’d start shopping around elsewhere.
“You don’t want a client doing business with someone else because they didn’t think you could offer them that service,” Scott said. “Before you know it, that vendor is quoting on the services that you’re providing as well—and may be seen as more of a trusted advisor because they’re providing guidance on the things that the business values.”
Offering risk assessments to more clients made sense. There was just one problem: they were a massive drain on the company’s resources.
“Preparing a security analysis usually requires a high level of resources to perform the audit and correctly write up the output to present to the client,” Scott explained. “You end up having your best people do everything.”
ConnectWise Identify provided the key, making it easy and cost-effective for Complete IT to offer risk assessments at scale.
“ConnectWise Identify gave us the ability to produce a high-value, consistent security risk assessment with minimal involvement on our end,” Scott said. “It’s really valuable to get in there and talk to clients about risk in advance of the worst happening, because that’s part of the trusted advisor role. You’re seen as bringing the news to the client, rather than always being on the back foot.”
After adopting ConnectWise Identify, account managers on the sales team proposed rolling risk assessments into every bundle. They understood that while some clients would ignore the recommendations, these assessments would still unlock the door to countless upselling opportunities that are mutually beneficial to Complete IT and its clients. Clients would be exposed to security services that they might not have considered otherwise that could mitigate the risk of cyberattacks to their businesses, while Complete IT could capture additional revenue from offering these additional services.
Their instincts proved correct: since Complete IT acted on the account managers’ suggestion, many clients have signed up for consultative services. And by taking a more proactive approach, the company’s reputation is protected.
“We’ve at least gone through the risks and we’ve discussed them,” Scott said. “A massive part of being a client’s managed services provider is these discussions. It’s very easy to get criticized for things you didn’t do.”
A Revenue-Generating Roadmap
From the very beginning, Complete IT knew that it didn’t want to take a one-size-fits-all approach to cybersecurity. This wouldn’t be consistent with the company’s promise of establishing individualized and collaborative relationships with its clients. And since every client has unique priorities and weighs risks differently, this approach wouldn’t have generated the results Complete IT wanted.
Instead, the MSP uses the risk reports generated by ConnectWise Identify as a jumping-off point to have collaborative conversations with clients—discussing where their weaknesses lie and possible steps to mitigate risk.
“One of the things I really like about the ConnectWise Identify report is that it’s a consultative document,” Scott said. “It’s informative and educational. It’s not a quote, and it’s not a proposal by any means. It’s almost like a third party has written it, which is how it needs to be. I was very glad to see that it wasn’t full of product recommendations, because that would have spoiled it.”
Scott found that the reports smoothed the transition into a discussion about the company’s security offerings. And by using the report to determine which risks pose the greatest threat to the client and which they care about most, Complete IT can provide more tailored solutions.
“Rather than having to go in and sell, you are facilitating client buy-in because you are listening to which risks they consider most important. Consequently, you can offer solutions and services that can mitigate those specific risks,” Scott said. “Most people prefer buying-in. Very rarely do they want to be sold to.”
Since ConnectWise Identify breaks down each risk and recommendation in terms of business outcomes, it’s easier for Complete IT to make a compelling case to business leaders who might not be familiar with highly technical terms.
“It speaks a language that non-technical decision makers can speak, which traditionally has been a challenge for MSPs,” Scott says. “As an industry, we’re far more comfortable talking about gigabytes and megabytes than we are about business outcomes and goals. This sort of service carries our industry into that world, which is a very positive place for us to be.”
The reports generated by ConnectWise Identify also serve as a valuable sales document for Complete IT’s clients, allowing them to better answer questions about their data security during the proposal process. This bolsters Complete IT’s reputation as a trusted advisor, helping its clients grow their businesses and find greater success.
“We tell clients that by investing in security solutions and following recommendations, they also gain a flag that they can wave to demonstrate to their clients and prospects about how they protect their data,” Scott said. “That can make a real difference in competitive situations.”