By David Powell

David Powell

Mike works for a managed service provider (MSP) that represents a variety of customers. They sell to IT, education, health care, finance, government and so on. On the other hand, Bob’s MSP is health-care specific – 100% of its customers are in the health care space, it’s what he and his colleagues live and breathe every day. Mike knows a little about a lot. He’s extremely likable and professional and is typically much more affordable than Bob’s business, too. But despite the value, when Mike and Bob both pitch the same private health care practice, Bob wins out almost every time. He can go into detail with the doctors, nurses and administrative staff about electronic health records, the Health Insurance Portability and Accountability Act (HIPAA), ICD-10 (the clinical modification and procedure coding system) and billing software – things Mike simply can’t do.

There’s a solid argument for specialization and verticalization in an MSP. Even though COVID-19 showed the benefits of diversifying during the economic downturn, truly becoming an expert in one’s space can have a tremendous payoff for both the MSP and its clients.

Verticalization not only makes a service stickier, in many cases it allows MSPs to charge a premium. That’s because when an MSP begins to verticalize, it becomes more of a trusted adviser to its customers. And being a trusted partner makes it easier for them to guide customers through difficult conversations, specifically conversations regarding the significance of cybersecurity.

The Case for Cybersecurity

For MSPs, cybersecurity can feel like a convoluted subject to tackle with clients. In a lot of ways, cybersecurity has become an afterthought and a part-time job that’s tacked on to a contract when (or if) a client feels they absolutely need to have it. Further, cybersecurity has been wrongly categorized by clients as “technology.” But it’s not an IT issue, it’s a business issue. So, when a customer who is only paying for remote monitoring and management (RMM) and a network operations center (NOC) all of a sudden runs into an issue such as ransomware, they turn to their MSP for an explanation and solution, thinking they’re already covered.

I’ve seen this happen many times over, and it ends up putting the MSP in a very uncomfortable position when it has to explain this. Most SMBs don’t have cybersecurity as a line item in their budgets, so it is more often than not swept under the rug, and MSPs usually won’t right the wrong.

MSPs Need to Be Able to Sell Security

A 2018 IDC study predicted that security spending will reach $133.7 billion in 2022. It adds that managed security services will be the largest segment within the services category, delivering nearly 50% of the category total in 2022 – that’s $66.85 billion that MSPs should be claiming in cybersecurity services alone by the end of next year. If an MSP isn’t able to talk about the importance of cybersecurity with current and prospective clients and sell these services as part of its stack, they’ll be missing out on …

… this market share.

Many MSPs are learning – some more slowly than others – that cybersecurity is inevitable. No matter what, an MSP will have to begin offering cybersecurity as part of its stack. We can’t look at the headlines today and talk ourselves out of that reality. What I encourage all MSPs to do is have an upfront conversation with their clients at the beginning of the relationship. I’ve seen many MSPs underselling their offerings to win a bid and then having to go back and ask for more budget to self-correct to add cybersecurity services.

How Verticalization Helps MSPs Succeed

This is where verticalization comes into play. Take Bob from my opening example. He is going to have a much easier time sitting his client down and truly advising the client on why security is important to his specific health care practice. He can run through the unique scenarios that might happen in that doctor’s office that would warrant added cybersecurity expertise. Because Bob knows the ins and outs of cybersecurity in the health care space, he’ll be able to build the case more than Mike will, who can only speak at a general level.

A verticalized MSP like Bob’s also brings a greater breadth of knowledge about his client’s competitors and peers that might be facing similar problems. Bob might say something like, “Elizabeth, one of the cool things about my job is that I get to call on doctor’s offices like yours all the time. One of the things we are seeing in other practices is that they are doing XYZ, and I think that could be a good thing to explore for your business, too.” An MSP can offer valuable business insights and “answers to the test” for its other clients.

I said earlier that cybersecurity is a business issue, not an IT issue. SMBs will always be more inclined to pay for someone to help grow their business rather than someone who will help them stay secure. An MSP helps a customer grow its business by helping them stay secure, which differentiates a business from its competitor. Helping a client make that connection can be difficult if an MSP doesn’t thoroughly understand its business and the market, which is why verticalization can be so valuable.

If an MSP wants to grow and evolve, it needs to be fluid and adaptable. Verticalizing can be a smart way to do that.

David Powell is senior vice president of growth at ConnectWise, where he is primarily responsible for account management and cybersecurity partner programs. A 25-year veteran of the IT industry, David was listed in the Birmingham Business Journal “Top 40 Under 40” in 2011. You may follow him on LinkedIn or @ConnectWise on Twitter.