For a lot of MSPs, trying to convert reactive (i.e., break/fix) clients into proactive (managed services) clients can be a struggle. No matter how hard you try, those reactive clients just won't budge.

Fortunately, there is a pretty effective technique you can use to begin to impress upon your reactive clientele all the benefits and reasons they would be better off as a managed services client.

Step 1: Communication. You have to have a conversation with your reactive clients about everything. Times are changing. Everyone is taking cybersecurity more seriously these days. Explain how reactive IT management isn't IT management at all; it's IT disaster cleanup. And, it can get pretty ugly. The point is, talk to your clients and let them know what's about to happen.

Step 2: Put your reactive clientele through some sort of security baseline. Don't get fancy. You can use something like the CIS framework. CIS does not have a certification so you just will be assessing the client's existing controls, policies, and procedures against the CIS controls. By the way, this technique can also be used quite effectively for all new managed services prospects.

For clients below the CIS level, you can let them know where the gaps are, that you can fix those gaps, but that a managed services relationship is what is needed.

Finally, if the reactive client still won't budge, you can raise your rates due to the provable increase in risk they represent to your MSP practice.

 This technique is a combination of compliance baseline plus risk-based pricing, and it can be a very powerful and persuasive tool in getting reactive clients to understand the modern cyber world in which we live.