Let’s start with a bedtime story. You've probably lived it.
It’s 2:13 a.m. Your phone’s going off like a smoke alarm. Caller ID: CFO.
“Nothing works. Are we—are we hacked?”
You roll over, crack open the laptop. Your RMM is connected. Dashboards are green. Security tools say everything is fine. But it’s not.
The network is down. An executable you don’t recognize is running on every machine. This isn’t a tool failure. It’s a hostile takeover. And the product is your client’s ransom.
Hackers aren’t amateurs anymore. They’ve got QA, DevOps, and billing departments. They’re structured. They’re funded. And they exist to ruin your week and get paid for it.
When the dust settles, no one will care how pretty your dashboards were. They’ll want to see your evidence.
Read This Before You “Explain What Happened”
When a breach hits, your gut says: explain. Be helpful. Be transparent.
Wrong move.
Unless you’ve got a written incident response plan—and a communications playbook vetted by counsel—you’re not being transparent. You’re making yourself the headline.
The people investigating won’t ask for your opinion. They’ll ask for proof:
- What did you recommend?
- When?
- What did the client approve?
- What did they decline?
- How did you enforce it?
Can’t answer? You’re not just exposed. You’re the first name on the lawsuit.
Your Biggest Risk Isn’t Who You Think
It’s not your biggest client.
It’s the smaller, “responsible” ones buying cyber insurance. Because when that policy doesn’t pay out (and it won’t, more often than not), their next call isn’t to you. It’s to their attorney.
If you can’t prove your standard of care, you’re not their provider. You’re their payout.
Tools Will Fail. Culture Will Drift. Humans Will Screw It Up.
- A vendor will blame "configuration."
- A rushed engineer will expose RDP "for five minutes."
- A firewall will be installed on the wrong port.
- Your team will say, "We’ve got it covered."
Security isn’t a toolset. It’s a discipline. A habit system you live and document—or you’ll find out what "joint and several liability" means in court.
What Clients Don’t Know Will Bankrupt Them
Downtime is just the opening act. The real bill includes:
- Lost revenue (churn and dead referrals).
- Lower valuation.
- Being uninsurable.
- Legal exposure.
- Vendor lawsuits when their data goes down with your client.
Your client expects you to manage all of that. Whether they’ve told you or not.
If you don’t help them understand risk in dollars, a lawyer will.
Court Doesn’t Care About Your Feelings. It Cares About Evidence.
If it’s not documented in real time, it didn’t happen. Start building an evidence engine:
- Recommendations: Log every gap, every control, every date. Saying "we told them" isn’t a defense. Timestamped documentation is.
- Risk Acceptance Docs: Client rejects MFA, EDR, segmentation? Capture the refusal with business impact. Revisit quarterly. That one PDF could save your MSP.
- JIT Documentation: No big-bang wiki. Just-In-Time documentation—write as you work. Validate on the next ticket. Improve constantly.
- Quarterly Security Briefings (QSBs): Ditch QBRs. Bring real data: detections, deployments, open/accepted risks, and the money slide: claims denial risk reduced.
- Tabletop, Offline: Run exercises with your RMM down. Record it. Debrief it. Fix what breaks. Do it again.
Your Post-Breach Communications Playbook (Use This First)
- Authority & Roles: Who speaks. Who doesn’t.
- Legal Shield: Counsel-approved language. Privilege protected.
- Carrier Coordination: What to disclose. When. How.
- Stakeholder Templates: Clients, vendors, regulators, press.
- Evidence Pack: Controls, logs, decisions, receipts.
- Regulatory Matrix: Who gets notified, when.
- Rehearsal Cadence: Monthly micro-drills. Quarterly full runs.
"You Don’t Need New Tools." You Need New Habits.
Stop trying to shop your way out of liability.
Turn on what you already own. Test it. Document it. Monetize the proof. That’s how MSPs become indispensable instead of replaceable.
Watch This Before Your Next Client Meeting
Think they’d never sue you? Watch this: https://youtube.com/shorts/f0zyP1ad8tE
Tell them what to listen for: who pays when the carrier says "no"?
Then show them how your process avoids that scenario.
Build Your Playbook (Pick a Path)
- Want a sherpa? Grab 15 minutes with a Galactic security advisor. You’ll leave with your first draft post-breach plan and tabletop outline.
- Going DIY? Here’s the manual to build a defensible, liability-proof system: https://portal.galacticscan.com/doc/382/MSP_GreatStartManual.pdf
Price It. Package It. Profit From It.
This isn’t compliance. It’s evidence-based risk reduction.
Learn how to sell it, price it, and package it: https://www.galacticadvisors.com/cyber-liability-launch-pad/
The Offer You Make Before 2:13 a.m.
- Hackers are a business. Compete like your life depends on it.
- CFOs buy liability reduction. Speak their language.
- Evidence beats excuses. Every. Single. Time.
Write the plan. Rehearse the plan. Sell the plan.
Because when your tools die—and one day, they will—the only thing between you and a negligence claim is your documentation.