Take our free Simplifying Cyber Risk course now at SIMPLIFYCYBERRISK.COM!

Challenges Selling Solutions for Cyber Risk

Up until 6 years ago, I was able to get by in sales with a combination of my people skills, good problem-solving skills (especially around uncovering the depth of a problem), and solid math skills to connect a solution to the value of solving those problems (ROI).

When I first started selling cybersecurity services, it took me a while to figure out the same-old-same-old approach wasn’t going to work.

My hope for today’s post is that I can help share some tips that worked for me, and ways to take it even further.

While cyber liability is different from cybersecurity products, services, and consulting, these are all complimentary solutions to the same problem: cyber risk.

Here’s the bottom line: If you want to win more sales or increase the sales you do win, your prospect needs to understand their level of risk if they’ll ever understand the full value of your solution (whatever it may be).

A Quick Flashback​

I still remember the first conversation I had when someone confidently told me “I have no risk”.

It was a 2-person chiropractor office local to me that I met through a chamber event. They were willing to take the time to speak with me and hear me out, but I just couldn’t wrap my head around their objection – the overconfidence was shocking, and I was (still am) legitimately concerned for their business.

They just didn’t see how anyone would ever target them – and I didn’t have the skills or knowledge yet to be able to explain that their risk was only partially impacted by them being a target or not.

I knew they had risk, but I couldn’t change their mind. The more I tried, the more they dug their heels in.

A few things became clear:

I did a few things right away to make a change.

First, I started reading and absorbing related content, a ton. I sought out more effective sales tools and concepts to help improve my ability to respond to objections like this. (Not much out there really taught me how to specifically sell solutions for cyber risk though, and I still don’t ever see much on this topic).

I also started to identify red flags where my prospects either had their ‘head in the sand’ or were overly confident they’d created the Ft. Knox of IT systems. I saved my energy for people that were in the right mindset and knew they had risks to address.

One thing that I also changed was when and how I allowed that objection to come into the conversation. I shifted my engagement to be more educational. I think where I failed that chiropractor is that I probably pitched something too soon or asked a question they weren’t prepared to answer yet. I found that timing mattered and that I could work proactively to ask the right questions or create conversations that proactively removed my obstacles.

The combination of that and other work I was putting into my skills shifted how I approached conversations, and I eventually learned how to get through to those former ‘red flags’.

What Are the Common Challenges Salespeople Find With Cyber Risk?

When I talk to people in sales roles that are providing a cyber-related solution, and especially insurance brokers, here are the most common problems I hear:

While there are probably a few other common challenges we could all add to this, there’s a pattern I start to see in this list:

  • Technical language is a hurdle
 
  • IT should be an ally but becomes an opposition
 
  • Risk perception is too low to have enough value to invest in a solution

Side note:
I left out things like “I don’t have a budget for this”, “this is bad timing”, and other very common and expected objections. To keep it short, I wholeheartedly believe those still tie back to the risk perception being too low.

If it’s a bad enough risk, they’ll find the money and they’ll make the time.

Want to Overcome These Challenges and Sell More?

Here are a few things I’ve learned about all of this:

Cyber risk discussions don’t need to get technical.

In fact, I’m going to go further to say more strongly: it SHOULDN’T get technical at all in early discussions. Don’t get into the weeds where you and the prospect are likely to get lost. Talk in terms of business cases instead of technical challenges and solutions.

If you want to win more and larger deals here, you need to appeal to the full C-Suite and rally them behind a unified objective to protect their other business goals and functions.

For cybersecurity solutions, you may need to get technical once the value/risk is established, but if the conversation is heading that direction, it’s a sign that the buyer is teasing the idea of your solution and probably ready to engage a solution engineer or product expert for a demo. Either way, the business case has to be established first if you want to improve your chance of success.

Make IT the hero.

When you get technical, you’re entering into the arena with a more skilled adversary in the IT team (and they often love to shut down salespeople). Chances are, you’re probably very much on the same side of things, but by talking negatively about what is or isn’t happening, it’s confrontational.

Shifting the conversation back to the business case means you go beyond IT. This puts them in a position to leverage your insights and resources to most likely justify things they too have been pushing for and asking to implement or improve.

Increase their understanding of the factors behind their risk.

Risk is a factor of Likelihood (probability) and Impact (cost). If you can expose reasons why the Likelihood and Impact are both higher than they may have originally realized, you can increase the overall perception of risk – which increases the value of your solution. They still may not fully see the risk as you do, but this is a start in the right direction.

This is all easier said than done and there are nuances to how to do this. It’s a deeper topic than I can fit into one blog post, but hopefully it gets some ideas flowing.

Ready For More?

I’m going to continue creating content and resources to help salespeople in this area, and I am just putting the final touches on a 4-part, personalized training program called “Selling for Cyber Risk” to teach this to anyone, regardless of your technical ability.

I’ve crammed a ton in there to teach how to simplify cyber risk discussions, increase your client’s perception of risk, and tee your sales pitch up to pack the most power. You can read a bit more about it in the Cyber Liability Sales services page.

Make sure you follow me on LinkedIn or subscribe to my newsletter to keep in touch (jump to the bottom of the page to find both).

Over the next few weeks, there’ll be some cool promotions and free content from my course that will be available.

Until then, if you have questions about this topic, have a different challenge that I completely missed, or just plain disagree with me, I’d love to hear about it so I can make sure I’m putting the best resources out there for folks.

Happy selling!

-Ryan

Share

Picture of Ryan Smith

Ryan Smith

Ryan's experience across cybersecurity, sales, insurance, technology, education, and mathematics have helped him become a business-oriented problem solver that can simplify complex topics.

His eclectic and diverse background is now able to be leveraged by businesses that are interested in outside perspectives to help them overcome challenges.

New Service!

RLS Consulting is excited to offer new services that are designed to help you sell more cyber liability and access resources designed to help you and your customers!

Newsletter

Looking for Identity Theft Protection?

RLS Consulting is a proud distributor of defend-id ©.

Learn how protecting your employees from the perils of Identity Theft and Fraud can help your business security and overhead costs.

Want to sell defend-id through your insurance agency? 
Learn More

Subscribe to our newsletter