The Case for Generating Revenue with Security Awareness Training
Many MSPs are coming around to offering their clients layered cybersecurity solutions that include services like user security awareness training.
With increasingly complex cyber scams emerging all the time, the ubiquity of employee-owned devices on corporate networks and the rising value of data—just to name a few reasons—employers and IT managers are growing painfully aware that endpoint protection alone is no longer sufficient protection.
With increased adoption come questions of how to package and sell these value-add services. In particular, many of our clients grapple with whether to include security awareness training as a way to reduce security incidents and, therefore, costs, or to charge for a service that is undeniably making their clients’ work environments safer.
Providing a Valuable Service
The effectiveness of security has been repeatedly confirmed by numerous articles and studies. Given that, according to the research-oriented Ponemon Institute, security awareness training delivers an average ROI of 37x, MSPs can easily rationalize offering it as a free, add-on service.
“If it reduces my incident costs and strengthens my overall security posture, why not roll out security awareness training as a part of my standard layered security bundle?” Or so the thinking goes …
But consider that Webroot data suggests educating employees on the threats they face online can reduce the number of user-enabled breaches by more than 86 percent over time. Or that the Ponemon Institute pins about 80 percent of all successful data breaches on human error. It becomes apparent that this is a hugely valuable service to provide clients.
What other service that provides so much value would be offered free of charge? And then consider that, for it to be most effective, security awareness training must be offered on an ongoing basis. The cost of organizing, running, and managing consistently relevant and topical phishing courses, or employee compliance education with each new hire, can add up over time. So, while bundling the service for free may seem like a favorable tactic in the short term, it may turn out to be less so over time.