<img alt="" src="https://secure.badb5refl.com/165368.png" style="display:none;">

Toxic MSP-Client Relationship? Here's How to Fix It

By Natalie Anderson on May 15, 2023

Get Free Insights

Toxic MSP-Client Relationship? Here's How to Fix It

May 15, 2023 | BY Natalie Anderson

Small and emerging businesses have historically had little incentive to meet cybersecurity frameworks or comply with regulations around processes, procedures or technology related to information security. But that ship has long sailed.  

Consumers now look for businesses, irrespective of size, that invest in protecting their sensitive information – and the organizations that don’t expose themselves to potentially grave risks and lost opportunities. According to a recent Continuum study, for example, one in four clients consider leaving their service providers if their cybersecurity practices aren’t up to par. 

Customers increasingly ask their vendors what they’re doing to protect their data, and these providers, in turn, must show without a shadow of a doubt that they’re meeting their end of the bargain. It's this dynamic that creates unique opportunities security-forward MSPs are equipped to exploit. 

The hang up? Small businesses often don’t understand their obligations, may be resistant to change, or haven’t yet built the muscle or the culture to effectively meet their compliance responsibilities.  

The Apptega Cybersecurity Podcast recently caught up with Christopher Bracket, owner of Greater Nashua Technology Consulting, to discuss how MSPs can approach these hurdles and what an ideal client relationship might look like when a small business is just beginning its cybersecurity compliance journey. 

The key takeaway: MSPs that don’t prioritize client buy-in place themselves at a disadvantage with their clients. But it’s a two-way street. Clients must also be willing to work with their MSP. 

Getting Client Buy-In
As an MSP, getting your clients on board is essential to developing a successful cybersecurity program. Because industry-specific frameworks are relatively new, MSPs often face the challenge of companies not realizing that they must follow a specific compliance program. It’s also the case that the frameworks themselves are often written for large enterprises – which creates confusion around which ones may even apply to a particular business and, for the ones that do, what steps the company must take to meet their controls. And in this context, getting leadership to buy in can be a challenge.  

For business owners, the importance of cybersecurity practices doesn’t always click immediately, so having a regular feedback loop is essential. According to Brackett, companies that see the most success meet bi-weekly to discuss changes and have an internal contact to talk to the group and implement changes before the next meeting.  

Continuous meetings that are well spent also remind customers of the necessity of cybersecurity practices. It’s essential to keep up with the pace of change and pursue continuous customer buy-in because cybersecurity compliance is not a challenge that will just go away. Approaching it as a gradual implementation lends itself to minimal business disruptions and gets strong customer buy-in. 

A Two-Way Street 
As an MSP, securing customer buy-in can be difficult, but it’s a common problem. On the other hand, though, customers that expect a hundred percent of the work to fall onto MSP shoulders achieve compliance slower and often lag behind their competitors.  

Customers willing to work internally and own the process can keep things moving forward – and they also progress faster and better. If a company isn’t willing to meet, discuss, and spend a few hours working on compliance, roadblocks arise.  

Both internal buy-in and collaboration are necessary. Brackett says that “the key is continually moving the needle forward and making things easier for the business,” but also that work must happen internally to progress faster.  

The New Normal for Businesses 

Compliance with cybersecurity frameworks and regulations is the new standard for businesses, and MSPs play a vital role in helping SMBs adopt a cybersecurity compliance program. But MSPs that don’t know how to meet their clients where they’re at will suffer.  

With client buy-in and collaboration, businesses can move forward in their compliance journey and meet the demands of their customers. 

Listen to the full podcast episode here. 

More Resources

Walking the Line Between Compliance and Productivity in your Security Program

By focusing on cybersecurity basics to lay a strong foundation, organizations can create a proportional infosec program that doesn't harm productivity.

Learn More

The Product Pulse

Looking to learn about Apptega’s latest and greatest product updates? Well, you’re in the right place. Here’s what's new.

Learn More

Fully Automated AI-Powered vCISO Services Now Live in Apptega

Today, Apptega launched ApptegaGPT, an in-app virtual CISO service that leverages generative AI to produce recommendations for how organizations can meet their compliance obligations.

Learn More

Subscribe to Our Cybersecurity Insights