If cars didn’t have seatbelts built into them when they are purchased, how many people do you think would buy them “a la carte”? My guess is, not very many. But we all expect seatbelts to be included in every car that’s sold today. This is analogous to how cyber security awareness fits into an MSP’s primary service bundle.
In a recent survey of the “State of Cyber Security Awareness in the SMB Market” conducted by Click Armor, we found that 2/3 of MSPs now offer bundled cyber security awareness, in some way, with their other IT service offerings. Almost 30% of MSPs always include awareness training in their bundles, while another 32% of them offer a choice to customers of having training bundled or delivered separately. There are some interesting benefits to MSPs in bundling this kind of service for customers.
1) MSPs often find that customers with low levels of cyber security awareness are more at risk of having a ransomware incident or other type of employee-triggered security incident. When an MSP can make it easy for its customers to learn how to avoid common phishing and social engineering threats, it can reduce the unexpected costs from having to do investigation and remediation. Many MSPs I’ve spoken to tell stories of having to spend their weekends remediating ransomware incidents that occurred as a result of a customer’s employee clicking on a phishing link. So, anything that can reduce these unexpected costs is worth making widely available, if not mandatory. (Almost 1/3 of MSPs in our survey said awareness training was mandatory for their end-users.)
2) MSPs can build a stronger relationship with all of their customers by providing a more “visible” aspect of their relationships than just basic helpdesk, provisioning and incident management services. By scheduling all customers’ staff into an engaging and effective cyber security awareness program, everyone sees that their employer and their MSP both care about providing the tools they need to help defend corporate assets.
3) An MSP can keep a closer eye on the vulnerability level of each customer, especially if the solution uses simulations or meaningful assessments. Having a “risk-based dashboard” of customer employee proficiency in spotting and avoiding security threats means they can be more pro-active in providing remedial assistance for high risk customers. End-user proficiency comes from being engaged and practicing how they should react to common threat situations, not just clicking through a check-box series of screens that tell them to “be suspicious” of unusual situations.
By bundling an immersive, risk-oriented cyber security awareness program into basic IT services, an MSP can receive a greater return on investment, and build a reputation as an innovator and leader versus their competition.
If you are an MSP looking to reduce risks and improve your reputation, then a Click Armor gamified awareness program might be the best solution for you.
Did you know that Click Armor’s gamified simulation solution has been shown to improve employee proficiency in handling phishing threats by up to 50%?
We can provide gamified challenges and simulations in many risk areas. We can also do gamified assessments for teams, without the need to register employees. You can try a simple gamified phishing assessment at www.canibephished.com to test your own phishing awareness skills.
Contact us to learn more.