How many spam emails and scam text messages have you received in the past week? The numbers seem to be growing daily. (See sidebar, below.) Overall, network intrusion attempts could number more than 17 billion every day and over 6 trillion annually! As enterprises continue to fortify firewalls, deploy endpoint defenses, and respond to digital privacy invasions, more office technology dealerships are stepping in to help.
Starting up a cybersecurity practice is not a simple task for dealer owners and managers. Three executives—two from progressive dealerships and one from an IT management software partner—identify some major mistakes dealer organizations commonly make when entering the cybersec fray. “Educational awareness is required to understand the overall complexity,” believes Jeremiah School, president and partner at DOT Security (Mettawa, Illinois, north of Chicago), the company spun off by Impact Networking nearly four years ago.
One recurring pitfall is failure to adjust the way in which these services are sold. A pitfall is defined as a hidden or unsuspected danger or difficulty. Many dealer leaders don’t even think about this sales aspect, according to Keith Johnson, Jr., executive VP of Obviam, which 16 months ago became a subsidiary of Modern Office Methods (MOM). Peddling “brain services” requires a pivot, a mind shift. It’s not the same transactional model to which traditional imaging dealers, such as MOM, are accustomed, he warns. (The 70-year-old, Cincinnati-based firm has multiple locations in Columbus, Dayton, and Mansfield, Ohio, as well as in Pennsylvania.)
Then, there’s this: You’re not talking to the same people, Johnson points out. For tech services, customer points of contact typically are not in the procurement or even the IT department. They tend to be C-suite level executives higher up the corporate ladder, and this can be another pitfall to navigate.
“Selling cybersecurity is not a see-you-in-three-years type of arrangement” with service in between, explains Johnson, a 25-year veteran and self-described security advocate. He honed his tech background at SonicWall Inc. before migrating to the business side: most recently as CSO and COO at Logically (Louisville, Kentucky). Johnson notes that information technology (IT) and cybersecurity are “value selling” propositions that can happen quickly, generally in less than one month’s time. “We’re not used to getting money upfront like on the [hardware] equipment leasing side,” he points out, adding that the “monthly clip” of 30-day contracts is normalized in the IT world.
Beware of another common oversight, says the DOT Security leader: Mistaking monitoring for control can lead to unreasonable expectations from clients. “When customer problems are misaligned, it often is due to a lack of ‘education,’” School explains. “If services haven’t been properly explained to them, they don’t want to hear excuses when something goes wrong,” he observes. School has heard it all, serving as CEO of Innova Technologies for more than 14 years before joining forces with Impact Networking in late 2021. (Early this year, DOT Security expanded its cybersec footprint into Cleveland, Ohio.)
Mitigating Risk
Managed service providers (MSPs) need to understand risk mitigation, also known as exposure. At the most basic level, small/medium-sized businesses as well as enterprise customers want penetration testing and firewall management, including hygiene and Microsoft Office 365 migrations, from their MSP. Operational assessment services delve into cyber and related insurance policy risks.
What Johnson terms observability digs deeper into system vulnerabilities, which is part of so-called continuous threat exposure management (CTEM). “It’s attack surface discovery and patch management,” he explains, adding that keeping up with patching is becoming a monthly priority. “It used to be quarterly.” Next, there’s the orchestration part of cybersecurity, which is where running Security Operations Centers (SOCs) can come into play. “Think of it as SOC as a Service,” Johnson says. There’s staffing for endpoint detection and response (EDR) to consider. At Obviam, these are the people feeding the logs, which flow into an AI platform that sets up rules of engagement. (More on artificial intelligence in a moment . . . )
Johnson also points to more advanced governance, risk and compliance (GRC) concerns. For example, some MSPs look to assist with Azure, Microsoft’s cloud-computing platform, and Azure Cloud Switch (ACS), the cross-platform modular operating system for data center networking built on Linux. In words of warning, DOT’s School notes that compliance can be “a different animal,” especially when one wanders too deep into the proverbial weeds.
Part of the educational process for dealers is learning the jargon and acronyms associated with cybersecurity. Information security risk management (ISRM) is the process of identifying, assessing, and mitigating risks to safeguard an organization’s info assets from potential threats. ISRM entails implementing controls and security measures based on established frameworks such as NIST and RMF. NIST, a voluntary cybersecurity framework designed by the U.S. Commerce Department’s National Institute of Standards and Technology agency, includes a Risk Management Framework (RMF).
In terms of terminology, redefining “wins” within your organization also can prove challenging. “You might not see profits for six months to a year,” Johnson illustrates, so how do dealer reps stay motivated? ROI-focused managers can deemphasize dollar amounts and promote growth. One tactic is adopting a zero-based (ZBx) mindset to drive profitability by highlighting the future over the past:
- Tally “net new logos” (prospects converted to new customers) and recognize those numbers via monthly “win wires” that appeal to team members’ competitive sales personalities.
- Count cross-selling as a victory. “Reps can encourage prospects to tell them about their cybersecurity issues,” he suggests, “or maybe lead with security and back into their copier business.”
To send a truly meaningful internal message, dealer owners need to walk the talk and put their money where their mouths are, which may mean incentivizing the selling of cybersec services by relieving some hardware equipment quota. The second half of the year is prime time to begin rethinking sales compensation structures for 2026.
Four more cybersec startup mistakes to avoid, per Johnson:
- Don’t make the mistake of setting unrealistic expectations with regard to bandwidth and the number of networks your firm can effectively serve.
- Head count: Don’t underestimate the adequate staffing/human resources that are required.
- Building a client base and building trust are not easy. Don’t make the mistake of thinking they are.
- Don’t ignore or put off the legal (and tax) issues associated with engaging in this type of business. Protect your dealership from liabilities by incorporating proper terms and conditions in Master Service Agreements.
AI Angles
Artificial intelligence is changing the cybersec playing field. DOT Security is leveraging the power of AI to flip its entire tech stack upside down. “It has been a two-year journey,” informs School, who contends that traditional spam filters are dead. “AI can provide context as to what is ‘junk’ and what’s not. It makes us faster because alerts become more efficient. There aren’t three or four team members tied up looking at the same thing.” AI technology also can better prioritize threat urgencies, he notes. “We are bringing data into fewer systems and software,” consolidating from up to eight pieces of tooling.
AI is working to the advantage of evil threat actors, too. Ray Vrabel, senior director of partner programs at ConnectWise, points out that, thanks to the technology’s advances, “average hackers can look like ‘professional’ types.” “AI can write perfect code, which is why zero-trust frameworks have become more prevalent,” he observes. Even 13-year-olds can create semi-deep fakes using a parent’s voice on video. Vrabel’s own teenage son demonstrated this technique, for fun, but the ConnectWise exec is more concerned about sensitive data being uploaded into the public domain.
The folks at Obviam lose sleep over that, too. “A lot of people leap into it [AI] and worry about security later. But where competitive information is involved, security should be locked down first,” Johnson argues. “Having data in the ether is dangerous. It’s why turning on security features for employees is essential. Companies really need AI policies regarding data.”
Cybersec Startup Costs
While AI adoption may ease the pain of initial investment, dealer owners should not discount the basic, upfront software costs involved. As cybersec startup blunders go, ConnectWise’s Vrabel notes that sales are needed before dealers invest in staff hirings. “To close deals, you need the software and the right processes in place,” he says.
Finding solid talent can be challenging and is the bigger drain on cashflow as salaries add up. Competitive cybersecurity salaries have risen over the past three years, School reports, “which does influence billing rates. Are you willing to pay in the 80th to 90th percentile?” At the very least, find a high-quality VCIO (virtual chief information officer) who can do light assessments and conduct pen testing. However, landing such a tech leader isn’t cheap. When it comes to technician quality, you usually get what you pay for, warns Johnson, “so don’t just go out and grab a low-level tech.”
Dealers can become preoccupied with whether there is enough cyber business to sustain their investments. In cross-selling environments, sharing employees can cushion the blow. Inter-departmentally, “maybe you cross-charge,” Johnson recommends. “At first, the cybersecurity business may only require someone 10% or 15% of the time, which can be adjusted as the business grows and scales up.”
The cybersec transition can be easier if a dealer already has a help desk in place for imaging service and support. “It’s usually not difficult to identify three to five people who want to work on the IT and networking side of the business,” Vrabel adds. They can form the core of an Incident Response Team.
Not taking cybersecurity services seriously enough is another frequent dealer misconception. “This isn’t a side business that dealers can dip their toes into,” Vrabel cautions. “Dealers shouldn’t go into cybersecurity thinking of it as a loss leader that will result in them gaining more print clients. Their commitment needs to be clear to employees and part of their mission statement,” he stresses. “It’s not just something extra to put on the website.”
Such shallow levels of thinking, he adds, are recipes for disaster. “People who jump in can get deep in the ‘red,’” he advises. Failed cybersecurity experiments may ruin customer relationships, which can be difficult to rebuild. A trusted partner, such as ConnectWise, knows best practices because “we’ve done it 1,000 times,” Vrabel emphasizes.
While partnering with an IT vendor can be one path to cybersec success, acquisition is another. Dealers do not have to be subject matter experts in this area. Like MOM, they can broker a relationship with someone such as Johnson, who brings more than two decades of experience to the table.
Securing Network Opportunities
Cybercrime is big business, and cybersecurity really “took off” two years ago, recalls Johnson of Obviam. It seems hardly a day goes by without news of another major data leak, often involving a major company. More than 1.7 billion data breach notices were issued across the United States in 2024: a 312% increase year over year, according to a report from the Identity Theft Resource Center. Average cost last year, says IBM, reached nearly $5 million per breach.
The global cybersec market is poised to grow to more than $560 billion over the next seven years (>14% CAGR) from nearly $194 billion in 2024:
- North America dominated that global market with a share of +43% in 2023.
- Here in the United States, the cybersec market is expected to reach an estimated value of $165 billion in 2032.
(Projections from Fortune Business Insights)
Data breaches have skyrocketed in the last decade, which is why so much growth is anticipated. Moving forward, increased criminal interest in healthcare records is of particular concern. In 2024, more than 180 million U.S. healthcare records were breached, affecting 53% of the country’s population. According to reports from Forbes and other sources, healthcare records now are considered 10 times more valuable than credit cards.
Another report puts the number of malware attacks at around 15 million per day. Ransomware, a type of malware, is named by 45% of executives as the top cyber risk, according to the 2025 Global Cybersecurity Outlook from the World Economic Forum. Ransomware prevents users from accessing their devices and the data stored on them, usually by encrypting files. A criminal group then will demand a ransom in exchange for decryption. Cyber-fraud is a rapidly growing area, too, named by 20%.