Get Comfortable Talking Security with Your Customers
By Denise Sarazin / August 22, 2025

Cybersecurity conversations can seem complex and intimidating, especially if you’re not a security specialist. Rapid shifts in the threat landscape, the sheer scope of security challenges, and the technical jargon can easily make anyone feel out of their depth.
But here’s the reality: Organizations today need a trusted advisor who can help them manage and mitigate the increasingly complex and sophisticated threats that could easily topple their business.
The good news: You don’t need to be an expert to lead these discussions effectively. It’s about understanding key risks, recognizing the business impact, and using practical questions and insights to engage meaningfully.
And there’s strong evidence that selling into multiple solution categories is lucrative: AppDirect research has shown that advisors who cross-sell into additional categories see an average 2-3x increase in revenue.
In this blog, you’ll find the knowledge, tools, and resources you need to confidently engage in security conversations with your customers.
ABOUT THIS ARTICLE
This article is part of our Thrive 2025 Blog Series, offering a glimpse into the kinds of trends and insights we’ll be exploring at Thrive 2025 in Austin, August 25-27. Watch for new posts on our blog page through August.
Why amplify your security game
Cybersecurity is a critical business issue that causes significant anxiety among IT leaders. Half of IT business leaders say security concerns keep them awake at night. Even those who feel certain that they meet compliance requirements feel vulnerable, knowing that a security attack could happen at any moment, according to Gartner.
Security risks and impacts are on the rise
Cyberattacks are increasing in frequency and sophistication, resulting in steep financial and operational costs. For instance, the 2025 IBM Cost of a Data Breach study shows the average cost of a data breach approached $4.9 million in 2024—up 10% in just one year, the highest increase in years.
Beyond direct costs, cyber incidents disrupt essential business functions like sales and customer service. An overwhelming 86% of organizations have faced business interruptions as a result of a security breach, eroding customer trust, damaging reputations, and creating long-term losses. Alarmingly, research shows that 60% of small businesses close within six months of a cyberattack.
The impacts of AI on security
The rise of generative AI has introduced new risks, including sophisticated phishing scams that are harder to detect, AI-crafted malware, data leakage through public AI tools, and voice cloning for social engineering. AI-related attacks have surged by 56.4% over the past year, driving increased investment in application and data security.
Shadow AI is particularly damaging, according to the 2025 IBM data breach study. Security incidents involving shadow AI add USD 200,000 to the average cost of a data breach, driven by longer detection and containment times. In spite of the heightened risk and costs, nearly two-thirds (63%) of the organizations studied said they don’t have governance policies in place to manage or detect shadow AI.
97% of organizations that reported an AI-related security incident lacked proper AI access controls—IBM 2025 Cost of a Data Breach Report
Paradoxically, while AI introduces new threats, it’s also a powerful tool for defense. Organizations using AI-driven security and automation can detect and contain breaches nearly 30% faster and save an average of $1.88 million per breach.
Customers underestimate their security risk
Many customers underestimate their security exposure. A common myth suggests that larger companies are more likely to be hacked due to bigger rewards. In truth, midsize businesses bear a disproportionate share of attacks—41%, according to the Hiscox Cyber Readiness Report.
Hackers often prefer SMBs and SMEs because it’s easier to collect smaller amounts from many small, vulnerable businesses than to attack a large company that has the means to defend itself. And despite being frequent targets, many small businesses rely on consumer-grade cybersecurity tools, increasing their risk. 20 percent lack endpoint security altogether.
Another misconception is that compliance equals security. Compliance may ensure an organization meets regulations, but it doesn’t guarantee protection from all vulnerabilities or evolving threats. True security requires a proactive, continuous approach tailored to unique risks.
“Compliance is not the same thing as being secure.” — Scott Augenbaum, cybersecurity author
Further reading
For a comprehensive look at the cybersecurity risk landscape today, download our ebook, The cybersecurity opportunity for technology advisors.
Your vital role as a security advisor
As an advisor, you can be part of your customer’s first line of defence in preventing and mitigating security risks, marking the difference between a proactive and reactive security strategy.
By deepening your understanding of security risks and solutions—and by engaging customers with thoughtful, practical questions—you can build stronger relationships, uncover new opportunities, and drive meaningful revenue growth.
And remember, you don’t need to be a technical expert to make a real impact; your insight and trusted guidance are what your customers need most.
Essential security concepts
To knowledgeably advise your customers, it’s valuable to understand key security basics that often come up in conversations. These essentials form the bedrock of a resilient security posture your customers can realistically achieve with your support.
Annual security audits—Regular evaluations that identify hidden vulnerabilities and ensure compliance.
Firewall patching—Timely updates to firewalls are essential to close security gaps.
Original equipment manufacturer (OEM) support—Trusted vendor support keeps equipment and software secure and up-to-date.
Mail security and phishing training—Employee training and technical safeguards prevent common email-based attacks.
Multi-factor authentication (MFA)—Adds an extra layer of protection beyond passwords.
Security awareness training—Continuous employee education reduces human risk factors.
Endpoint detection and response (EDR)—Real-time monitoring and threat response at the device level.
Understanding these fundamentals helps you recognize vulnerabilities and better frame your conversations.
Engaging your customers: Conversation starters and discovery questions
Starting or deepening security discussions is as simple as asking clear, purposeful questions that help you uncover your customers' goals, unique risks, and challenges.
The following conversation starters are designed as a starting point to help you build a progressive understanding and steer conversations toward practical security improvements. Use them as a guide, not a script. Listen actively, tailor your approach based on the customer profile, and provide relevant insights to build credibility and value.
You’re not alone—Leverage support and expertise from providers
Remember, you don’t need to be a security expert to confidently sell security solutions. Your security solutions providers should have a dedicated team, including technical architects, engineers, and sales specialists, ready to support you throughout the sales lifecycle.
They can assist in scoping solutions, training, and addressing technical questions, empowering you to engage your customers. Be sure to connect with your channel or partner manager early to unlock these valuable resources.
Get the conversation started
How prepared are you today for a cyberattack?
What is your plan for handling security issues?
What is your incident response plan, and how have you tested it?
When a security issue arises, what steps do you take and who do you call?
What were the results of your last cybersecurity assessment?
How do you measure the effectiveness of your current security awareness training programs?
What initiatives are in place to enhance employee security awareness?
Discover customer risks and security challenges
How do you manage and prioritize firewall patching within your infrastructure?
What challenges or concerns do you face while conducting comprehensive security audits?
What specific gaps or challenges are you currently facing in your security measures?
What compliance or regulatory issues must your business navigate?
What cybersecurity strategies do you have to protect your customers?
Current security posture relating to risk management and business continuity
What is your overall strategy for managing risk?
What are the biggest risks facing your business, and how are you addressing them?
How do you protect your business from security threats?
Please describe your disaster recovery plan in case of system downtime.
What would be the impact on your business if systems went down or network performance degraded?
Who is responsible for managing your network infrastructure, and how is continuity ensured if this person is unavailable?
What contingency plans exist for unexpected disruptions or personnel changes?
You have all the answers. Now what?
If you're an advisor who works with AppDirect, contact your CMS to discuss the next steps, including identifying the best path to aligning solutions to the customer's specific business needs.
Otherwise, engage your security professional or solutions consultant for a discussion on next steps.
Resources to build your security knowledge and practice
Leverage provider resources and tools
Strengthen your conversations by leveraging resources provided by your security solutions providers, including:
Data sheets, pitch decks, and focused selling guides.
Objection-handling frameworks and conversation starter toolkits.
Insightful whitepapers and ebooks to deepen understanding.
Security training and vendor-neutral certifications like those based on the NIST Cybersecurity Framework, featuring practical scenarios and digital certificates to validate your expertise.
Enroll in a security certification program
Learn cybersecurity essentials and bring insights and knowledge to your customer security conversations with the AppDirect Security Sales Certificate program: vendor-neutral training based on the National Institute of Standards and Technology (NIST) Cybersecurity Framework, featuring online modules on governance, risk identification, protection, detection, response, and recovery, with practical quizzes and a digital certificate.
Deepen your knowledge with an ebook and in-depth articles
Tap into these valuable resources to sharpen your skills, build credibility, and grow your security offerings.
Forge Stronger Customer Relationships With a Security Practice—A Guide for Technology Advisors
Choosing the Right Security Solutions: Building a Proactive Defense Strategy
