Guest blog courtesy of CYRISMA.
If you are an established managed services provider (MSP) and landing new clients is your primary or only means of revenue growth, you need to rethink your strategy. Your existing clients – regardless of sector or size – are evolving as you grow. Technology is changing quickly and digital risk is growing as cloud and AI adoption increases. To thrive in such an environment, your customers will need to evolve along with bigger technological shifts and upgrade to newer tech and IT services periodically.
As an MSP and your customers’ IT advisor, you need to identify gaps and redundancies in their current technology infrastructure and recommend improvements, many of which you can deliver.
If you make the effort to really understand their business goals and pain points. you can find several opportunities to provide additional solutions. And to do that consistently, you will need to make this evaluation and opportunity-spotting a part of your routine service-delivery processes.
The biggest benefit of upselling is that you have already built trust with your clients and established processes to deliver services to them. It will cost you less time and fewer resources to add more services for them than to start from scratch with new prospects.
In this article, we talk about some ways to identify your clients’ evolving needs, build better relationships, and tweak your marketing strategy and operational processes to upsell more naturally. In the second section, we focus specifically on upselling cybersecurity solutions and pitching these services in a less salesy and more solution-oriented way.
Building a Foundation for Successful Upselling
To upsell without continually pitching new services to clients, you need to take a look at your existing communication processes. You may need to introduce more frequent and more informal touchpoints to identify gaps and propose solutions in a natural manner.
Regular Check-ins
Make communication open and informal and show interest in your clients’ business, successes and pain points beyond the sales context. Use all interactions – tech support, scheduled meetings, feedback forms and surveys – to spot gaps and problems that you can solve.
Quarterly Business Reviews (QBR): You likely already have some kind of regular meeting cadence or QBRs. Use these meetings as a structured platform to review performance, discuss client goals, and identify areas for improvement. Support Engagements: Look for patterns in tech support requests and tickets. A particular client may be reporting recurring issues with devices or software that is old and needs replacement. In-person engagements can provide even greater visibility into issues that you can resolve. Train your tech support employees to look for such opportunities. These issues can be natural conversation-starters and enable you to propose an easy solution to recurring problems.Technical/Engineering Check-ins: Regular on-site visits or remote assessments by technical staff provide firsthand knowledge of client environments. Use these assessments or regular maintenance tasks as another informal way of staying on top of client pain points and spotting gaps that you can resolve.Open Dialogue: Encourage open and informal communication with clients beyond formal meetings. Show genuine interest in their business challenges and successes to build stronger relationships.Client Feedback Mechanisms: Implement mechanisms for clients to provide feedback. Use surveys and feedback forms to gain deeper insights into their satisfaction and identify areas for improvement. Marketing to Existing Customers
Create a targeted marketing plan for existing customers. Keep clients informed about what’s new at your MSP, offers and discounts, success stories with other customers, tech industry trends that may be relevant to them and that relate to your service stack (such as cybersecurity and compliance services.)
Send out a newsletter – Share news about your new or popular services, awards and accomplishments, offers and discounts, relevant industry trends, and customer success stories via a biweekly or monthly newsletter specifically for existing customers.Create case studies – Create case studies highlighting how you were able to provide value and address specific customer painpoints with your services.Run email campaigns specifically for customers – Send out non-salesy, value-packed emails to customers about better leveraging your services, tech maintenance best practices, cybersecurity awareness articles and other relevant information.Segment By Sector – If you have the bandwidth, segment your email campaigns and other marketing communications based on your clients’ specific sectors. These efforts will continually reinforce your role as a technology advisor and expert on all things IT. The idea is to make your customers comfortable talking to you and confident in both your expertise and your desire to help. When they’re faced with an IT issue, you should be the first one they approach for a solution.
Offering New Solutions to Old Customers - Cybersecurity
Having tweaked communications and marketing campaigns for existing customers, you can focus on more active selling of new services.
Specifically, if you’re starting to offer cybersecurity services, here are a few ways to introduce these services to existing customers.
Focus on Value
Frame solutions with an emphasis on how they will provide value to customers. For cybersecurity and compliance solutions, for instance, talk about:
The need to protect sensitive data – Your customers’ systems likely store not just internal organization data, but also customer data and partner data. Any of this data being compromised could lead to grave consequences, including noncompliance penalties, customer and partner lawsuits, brand damage, revenue losses, and permanent closure in extreme cases.Business disruption due to a cyber attack – Even if an incident does not impact your customers’ most sensitive data, it could disrupt operations and lead to extended downtime. Each day of not being able to operate optimally translates to a bigger hit to revenue. This is why it’s important to put basic preventative controls in place – good cyber hygiene, regular assessments, patching vulnerabilities and closing network entry points, ensuring secure configurations and preventing configuration drift.Breach prevention with essential security measures – Share data with your clients about the consequences of breaches and how some of the biggest breaches in the news could have been prevented if the affected organizations had some basic security controls in place (like multi-factor authentication, proper access controls on cloud apps, patched vulnerabilities etc.)Compliance needs – There are multiple data privacy regulations, standards and laws today (such as HIPAA, PCI DSS, GDPR, CCPA, FERPA etc.) with privacy requirements for companies of all sizes and in all sectors. Emphasize the need to stay compliant and that fact that this is not optional.Security as a competitive advantage – Both individuals and companies today care about how their data is being secured by the businesses they share it with. A focus on data privacy can give an edge to your customers over competitors who pay scant attention to data protection.Supply chain partner confidence – SMBs these days work with a number of larger supply chain partners with concerns about whether smaller vendors in the chain are closing security gaps appropriately. With well-documented security programs and processes, your customers can reassure partners that their security posture is strong and they won’t be the “weak link” if there is a breach attempt. Introducing Solutions
When presenting cybersecuritysolutions to customers, avoid technical terms and jargon. Explain the value proposition, deliverables, terms and benefits in an easy-to-understand manner. This should follow the previous step, where you’ve already talked about the need for cybersecurity, data privacy and compliance solutions. Demonstrate the value of the service prior to asking for a long-term commitment.
Offer a free cyber risk assessment – Ask your client if you can run a set of scans to uncover security gaps and generate a detailed assessment report. This would ideally be the basis of your conversation about your managed security offerings, but it can also be a standalone exercise that would give your client the data to understand their existing security posture.Present a prioritized set of action items – Based on the assessment report, create a list of action items to reduce risk. Categorize these items or tasks by priority – with the most urgent items on the high-priority list, followed by medium and low priority items. Explain to your customer why it is essential to address at least the high-priority items.Tailor services to specific customer needs – Create customized solutions for individual clients based on what you’ve learned about their business goals, pain points and security gaps. Use the intelligence gathered in your past interactions; the complimentary risk assessments; and discussions with your customers about their ideal security state.Share success stories and testimonials – Share case studies about customers already using and finding value in the service. Try and use industry-specific case studies and testimonials. Tie service inclusions to compliance needs – Learn about the specific compliance standards applicable to the customer’s business and tie the services you’re offering to compliance needs. Show the customer about how the services you’re offering will help them get closer to compliance.Beta test new services – Before formally launching a new service, consider offering a beta version to selected customers (or those who opt in) so you can use their feedback to refine it further and address issues that may crop up later. This also has the added benefit of creating a stronger partnership with participating customers who will both get the benefit of the service, and feel more involved in the process. Simplifying Purchase Decisions
Finally, make it easy for your customers to make the purchase decision. What is the information they would need to say yes to the subscription? Have you addressed all their objections and defined your offer clearly? How can you make it more appealing to them?
Encouraging Action
Address any questions or doubts your customer may have about adopting the service with data. Use the free assessment to pull concrete data about the possible financial impact of a cyber attack. Show them how others in their sector are managing risk (there are affordable tools available to help you generate this data.)
Quantify risk to show ROI – Show your customers what a data breach or ransomware event could cost them in monetary terms. Use a risk quantification tool to automate this in the “free risk assessment” phase. Translating risk to a monetary value speaks straight to the business bottomline – the impact on an organization’s revenue and profits. Make sure you are communicating risk to your customers effectively, and enabling them to make a better ROI assessment.Industry comparison – If you have access to a peer benchmarking or industry comparison tool, use the initial free assessment to compare their performance against those of their peers in the same industry. Knowing that others in their industry score higher on risk management and security will likely drive them to action. Making it a no-brainer
Start with what’s most essential – To address resource constraints and early hesitation, craft a solution that covers just the essential risk reduction controls (the high-priority items in the assessment) in an affordable package. Start with the basics, and add more as your customer’s organization and needs grow.Let them try the service for free – Provide a 30-day free trial so your customer has enough time to experience and evaluate the benefits of the service. If you want happy customers, ensure that your services fit their needs and deliver what they promise.Provide a clear list of deliverables – Make your service offer clear and easy to understand. Define specific deliverables and KPIs and explain to the customer how you will report on progress.Discounts and offers – Finally, create special offers and discounts exclusively for existing customers. These could be anything from offering the first three months for free, to a 20 percent price cut for a year, to free periodic assessments or free support for specific services. Make your initial offer as compelling as possible. Upselling is about providing value – not pushing more services
Upselling isn’t about pushing more services—it’s about genuinely helping your clients grow, evolve, and stay protected in increasingly complex digital environments. By focusing on understanding their business needs, maintaining regular communication, and offering tailored solutions, you can create a win-win relationship that benefits both your MSP and your clients.
With cybersecurity, the stakes are even higher. By demonstrating the value of your offerings, tying services to compliance and risk reduction, and simplifying decision-making, you can position yourself as a partner who deeply understands clients’ needs.
By making upselling a natural extension of your service delivery, you ensure long-term growth for both your clients and your business.
How CYRISMA can help
CYRISMA combines essential cyber risk management and compliance features in a single platform, enabling MSPs and MSSPs to offer effective and reasonably priced security services to SMBs. Use the wide range of tools included in the platform to tailor services to specific customer needs and cross-sell and upsell easily.
Learn more about the CYRISMA Platform here. Read partner success stories.
