Cybersecurity has evolved beyond just selling software or endpoint solutions. Today, clients expect more than just the tools; they expect guidance, and they want to work with a partner who knows what they’re doing and can advise on the best cybersecurity strategies for their business.
The good news is that many MSPs and resellers already have the knowledge and experience to guide clients. With so much expertise in the channel, it’s clear that businesses don’t just want a vendor; they want a partner they can trust. However, here’s the challenge: what if the role of the trusted advisor means taking a firmer stance on what must be in place?
Not every MSP or reseller feels comfortable telling a client what they ‘must’ implement, and that’s where the idea of opt-out services comes in – a concept that often divides opinion. Could there be value in including certain protections by default, with clients able to decline if they choose?
What is clear is that in the cybersecurity market, the more expertise you bring to the table, the more value you add, and the more you stand out in a competitive market. Clients are increasingly relying on MSPs to guide them through increasingly complex threats, and approaches like opt-out services can give you the confidence to lead – setting recommended baselines, explaining why it matters and leaving the final choice to the client. Often, when they understand the rationale, they follow your advice.
Most clients don’t want to debate whether something is essential; they just want to know their business is protected. So, if baseline security measures are automatically included in your security packages, you’re building protection in by default rather than haggling over what’s needed. This approach can help ensure clients are protected with the essentials from day one - though it may not be right for every business or provider.
One of the main hesitations to approaching clients with mandatory security measures can be the fear of pushback. But here’s the thing - questions don’t always mean resistance, they’re an invitation to explain and educate.
Clients want guidance and for their security provider to know what they need to do to keep their business secure. By taking opt-out as one possible approach, you position yourself as an expert consultant rather than a salesperson. You’re presenting a smart baseline for protection while still giving clients the choice to accept or decline, with complete transparency.
Sometimes clients will decline a service you know is critical. That’s okay, but clarity is essential. The key is to explain your position clearly and set expectations up front:
“This is what we recommend and normally implement. If you choose not to, we need to be clear on the risk, which is …”
This way, you’re protecting both sides, the client is informed, and you’ve documented your professional recommendation. It becomes less about selling and more about aligning expectations.
Ultimately, opt-out should be about setting standards and leading with expertise. When clients understand reasoning, acceptance often follows - even if full implementation happens over time.
For MSPs and resellers, the opt-out model can be far more than just a sales tactic it can be a strategic approach to cybersecurity, client trust and long-term value and retention. But equally, this approach may not suit every market or client base. The important thing is to spark the conversation: how can we set clearer standards, build more trust and protect clients more effectively?
Whether through opt-out or another model, the real opportunity lies in setting clear standards, educating clients and backing your recommendations. Done well, that’s how MSPs can move beyond selling services to truly safeguarding client businesses and building lasting trust.
For more articles like this, head to our news and articles page.
For any questions about our vendor portfolio and how we support our partners, get in contact.