All articles
How to Talk About the Cyber Score card (MSP Guide)
Sales & Prospecting Tactics
Sales & Prospecting Tactics
May 10, 2025

How to Talk About the Cyber Score card (MSP Guide)

Cyber Score Card Talk Tracks: Qualify Prospects Faster

Handing a prospect their Cyber Score Card can be a powerful moment, but it can also be overwhelming for them. How do you translate that technical data into a conversation that connects without causing their eyes to glaze over? More importantly, how do you use it to figure out if they're genuinely interested in taking action? Forget explaining everything at once. The key is a focused start. This guide shares a practical approach I use: kick off your Cyber Score Card talk tracks by focusing only on Dark Web Breaches and Email Impersonation Protection. We’ll explain why this works, give you simple scripts based on my own talking points, and show you how to use this initial chat as a crucial qualification step in your sales process.

Why Start Simple? The Accessibility & Qualification Advantage

The full Cyber Score Card covers a lot – website vulnerabilities, detailed DNS configurations, the works. While it's all important eventually, hitting a typical small business owner with all that information upfront is often counterproductive. They might nod along politely, but are they really getting it? Probably not.

My recommendation? Start the conversation by focusing narrowly on just two areas:

  1. Dark Web Breaches: Exposure of their credentials online.
  2. Email Impersonation Protection: The risk of their domain being used for phishing.
Cybersecurity report for parsonscpa.com showing 63 dark web breaches, 50% cyber score, and critical issues like dark web email breaches and insufficient DMARC records.

There are two big reasons why I advocate this approach:

  • It’s Accessible: These two concepts are far easier for a non-technical person to grasp. They've likely heard news stories about password leaks or received suspicious emails, making the risks feel more real and immediate compared to abstract website security settings.
  • It’s a Powerful Qualifier: How they react to these specific, relatively simple points tells you a lot about their genuine interest in cybersecurity. If they lean in, show concern, and ask questions now, they're likely serious. If they seem bored or dismissive even about these basics, it's a strong indicator they might not be ready to invest, allowing you to qualify them out early and save everyone time.

Talk Track #1: Dark Web Breaches – Your 'Hottest Hook'

This is often the best place to begin because, frankly, the news media has already warmed up the audience. People know password theft is a major issue.

  • How I Explain the Risk (Keep it Simple):
    • "You know how you constantly hear about data breaches on the news? Well, a lot of times, criminals aren't doing super complex 'hacking'. They simply buy lists of emails and passwords that were stolen from breaches at other, sometimes less secure, websites – think places like Canva, LinkedIn, maybe an old fitness app."
    • "They know that most people, unfortunately, reuse the same password across multiple sites."
    • "So, they take those stolen email and password combinations and systematically try them – 'stuff' them – into login pages for high-value accounts: your Microsoft 365, your online banking, accounting software, etc. It's called credential stuffing, and they're just playing the odds hoping for a match."
  • The Key Question to Ask:
    • "So, let me ask you directly – are you, or any of your employees, possibly reusing passwords for different accounts?" (Pause and wait for the likely cringe or hesitant 'yes').
  • Position the Solution as Easy & Free:
    • "Okay, no judgment here! That actually means there's a straightforward, totally free way to significantly improve your security posture. The core fix is getting everyone to use unique, strong passwords for every single online account."
  • Offer the Convenient Method & Next Step:
    • "Now, managing all those unique passwords sounds like a pain, right? The convenient way to handle this is with a password manager. We use tools like Keeper, Bitwarden or 1Password. Would you be interested in learning more or trying one out? We could even help you get started." (Consider offering a free trial or basic setup – this is a fantastic, sticky lead magnet).
    • "And alongside unique passwords and a manager, using Multi-Factor Authentication (MFA) everywhere possible is absolutely critical."
  • Making it Personal (Optional):
    • "Looking at the details here on the scorecard, it seems credentials tied to [Employee Name]'s email address showed up in that [Specific Breach Site Name, e.g., Luxottica] breach data. It’s really important we make sure they've reset that password and aren't using it elsewhere."

Talk Track #2: Email Impersonation Protection – The Easy Phishing Gateway

This one sounds technical (SPF, DKIM, DMARC), but the risk is very easy for prospects to understand.

  • How I Explain the Risk:
    • "This part of the score [point to the relevant section] checks how easy it is for criminals to send emails that look like they came directly from your company's domain – for example, an email pretending to be from you, the CEO, or someone in HR."
    • "If this check shows a failure, it means it's much easier for scammers to convincingly forge emails from your domain to trick your employees or even your clients."
  • Give a Concrete Example:
    • "Imagine a scammer sending an email that looks like it's from the CEO to the finance department asking for an urgent wire transfer. Or an email 'from HR' going to all staff with a link to a 'New Vacation Policy Document' – but that link actually installs malware. Because the 'From' address looks legitimate, people are much more likely to fall for it."
  • Highlight the Solution (Easy Fix!):
    • "Seeing a failure here is definitely something we need to address – it's a major security gap."
    • "But here’s the good news: This is usually completely free and easy to fix. It typically takes about five minutes."
    • "It just involves adding some specific security settings – they're called DNS records, like SPF, DKIM, and DMARC – into wherever your website domain name is managed. We have guides, or it’s something we can quickly take care of for you."

The Critical Step: Pause and Gauge Their Response

This is arguably the most important part of this initial conversation. After you have explained only these two points – Dark Web Breaches and Email Impersonation – you need to consciously stop talking.

Pause. Observe them. Listen carefully.

  • Are they engaged? Are they leaning in? Asking follow-up questions ("So how do we fix the email thing?", "Tell me more about password managers")? Do they seem genuinely concerned? Are they taking notes?
  • Or are they disengaged? Are their eyes wandering? Are they checking their phone or watch? Are their answers short and non-committal? Do they seem bored or like they just want the conversation to end?

Their reaction at this specific point, after discussing these two relatively accessible issues, is incredibly telling.

Using the Score Card as a Disqualifier (When to Pivot)

If you sense that disengagement after explaining these first two points, recognize it for what it likely is: this prospect may not be genuinely interested in investing in cybersecurity right now.

Don't waste your valuable time trying to force it or convince someone who isn't ready. Trying to explain the more complex parts of the scorecard at this stage will be futile. Instead:

  1. Acknowledge It: Don't make it awkward. You can simply transition.
  2. Pivot Gracefully: Use this as your cue to disqualify them (for now) from your active sales pipeline for managed cybersecurity services.
  3. Ask for Referrals: Shift the focus. Try saying something like: "Okay, I understand this might not be the top priority for you right now. Based on what we just looked at, though, who else do you know – maybe another business owner in your network – who you think would be concerned about these kinds of risks and might find value in seeing their own cyber score?" See if you can get an introduction.
Cyber Score Card for ACME Dental Clinic by Top Notch Managed IT Services, showing 64% cyber score, 57 dark web breaches, and security action plan.

Beyond the Basics: Next Steps for Engaged Prospects

If, however, the prospect is engaged after discussing the first two points – fantastic! You've successfully used the focused approach to confirm their interest.

  • Keep the Conversation Going: Ask more probing questions based on their reactions.
  • Introduce Other Score Card Elements Selectively: Now is the time you can start discussing other relevant findings from the Score Card, tailored to the concerns they've expressed or questions they've asked. You still don't need to cover everything, just what's most pertinent to moving the conversation forward.

Discussing Cyber Scores doesn't have to be a technical data dump that leaves prospects confused. By simplifying your initial approach and focusing your talk tracks squarely on Dark Web Breaches and Email Impersonation Protection, you make the conversation accessible. More importantly, as I've found, pausing to genuinely gauge their response to these fundamental points provides invaluable insight into their actual interest level. Use this strategy not just to educate, but to qualify effectively, saving yourself time and ensuring you invest your energy engaging prospects who are truly ready to improve their cybersecurity posture.

Start using Cyber to power your prospecting.

Get started

Related posts

Browse all posts