Complete Sales Scripts

Opening (2 minutes)

"Thank you for taking the time today, [Name]. I know your schedule is busy, so I will be direct about how we can use this time best. I would like to learn about your business, understand your current IT situation, and explore whether we might be a good fit. I will probably ask more questions than you are used to — that is because the better I understand your situation, the better I can recommend the right solution. Does that sound good?"

Context Questions (5 minutes)

Current State Questions (5 minutes)

Pain and Impact Questions (8 minutes)

Future State Questions (5 minutes)

Budget and Authority Questions (3 minutes)

Transition to Next Step (2 minutes)

"Based on everything you have shared, I have a clear picture of your situation. The challenges around [summarize key issues] are significant, and I believe we can help. The next step in our process is [security assessment/proposal/site visit]. This will [specific value]. Should we get that scheduled now? I have [day] at [time] or [day] at [time]. Which works better?"

Purpose: Determine if prospect is worth a full discovery call

Opening

"Hi [Name], this is [Your Name] from [Company]. Thank you for [downloading our guide/requesting information/etc.]. I promised to keep this brief — I have just a few quick questions to make sure I point you in the right direction. Do you have two minutes?"

Qualification Questions

"Great. To make sure I do not waste your time, let me ask:

Qualification Scoring

Score 8-10: Schedule full discovery call

Score 5-7: Schedule discovery but flag as longer cycle

Score below 5: Nurture, not ready for active sales process

Transition

"[Name], based on what you have shared, I believe a more detailed conversation would be valuable. I would like to schedule 30 minutes to learn more about your environment and share how we have helped similar companies. Would [day] at [time] work?"

Purpose: Offer complimentary or paid assessment as door-opener

"[Name], one of the things we do for organizations like yours is a comprehensive security and compliance assessment. It takes about [N] hours, and at the end you receive a detailed report showing exactly where you stand against industry standards and what gaps need attention.

Most organizations find 15-20 issues they didn't know existed—including credential exposures on the dark web, unpatched systems, and compliance gaps. The assessment is normally $[2,500-5,000], but for qualified organizations we're offering it complimentary with a proposal review.

Would it make sense to schedule this? It will give you the information you need to make an informed decision—whether you choose us or not."

Context: During Quarterly Business Review

"[Name], before we wrap up, I want to highlight two opportunities based on what we've seen this quarter.

First, your team has grown by [N] people since our last QBR, and we haven't adjusted your coverage. Those [N] users are not fully protected under our current scope.

Second, we've identified [specific security or compliance gap] that wasn't urgent last quarter but is becoming critical given [regulatory change/industry trend/client request].

The investment to address both would be $[amount]/month. Given the [quantified risk/business impact], this feels like a smart move before [specific deadline/event]. Should we add this to next quarter's plan?"

Context: Annual or overdue price adjustment

"[Name], as we enter [year/quarter], I want to review the value we've delivered and discuss our program investment for the coming period.

Over the past [period], we've added [specific capabilities—MDR, advanced automation, expanded vCIO time, additional tools] to your program. These weren't charged separately—they were folded into your existing service as we grew our capabilities.

To maintain the team depth, tool stack, and response guarantees you've experienced, we need to adjust the monthly investment by [N]%. This translates to $[amount]/month additional.

I know increases are never welcome. Let me show you exactly what this covers and the alternative if we don't make this adjustment..."

[Present value reinforcement and option comparison]

Context: Post-QBR or after successful project delivery

"[Name], you've been an incredible partner, and I'm genuinely proud of what we've built together. I'm curious—do you know any other [industry] leaders who are facing similar [security/compliance/IT] challenges?

We're selective about who we work with, and a referral from you would carry significant weight. If someone comes to mind, I'd love an introduction. And to show our appreciation, we provide [referral incentive—$500-2,000 credit, charitable donation, etc.] for every referred client who engages us."

LinkedIn/Email Version

"Subject: [Industry] firms in [City] and security gaps

Hi [Name],

I work with [N] [industry] firms in [region] on IT security and compliance. Over the past [period], we've noticed a pattern: most organizations in your industry have significant security gaps they don't know about until an incident or audit exposes them.

We've developed a 20-point assessment that identifies these gaps in about 2 hours. Last month, we found credential exposures on the dark web for 80% of the organizations we assessed.

Would you be open to a brief conversation about whether this assessment would be valuable for [Company]? No pitch—just a 15-minute conversation to explore fit.

[Your Name]"

Executive Summary

"Thank you for the opportunity to present our proposal. Before we dive into the details, I want to remind you of the three outcomes we agreed were most important: [list outcomes from discovery]. This proposal was designed specifically to deliver those outcomes."

Three-Tier Presentation

"We've designed three options. I'll start with our comprehensive tier so you have full context, then walk through what most organizations select, and finally the essential option.

[Present Best tier]

[Present Better tier — target]

[Present Good tier]

Based on your priorities and budget, I recommend the [Better/Best] tier because [specific rationale tied to discovery]."

ROI Close

"The investment is $[amount]/month. When we compare that to the [quantified risk/inefficiency] we identified, the payback period is [N] months. After that, you're generating net positive value every month."

Objection 1: "Your price is too high."

Explore: "I understand price is important. Can you help me understand what you're comparing our price to? Are you looking at another quote, or is this about fitting the investment into your budget?"

Respond (if comparing to competitor): "Price comparisons only work when the services are identical. Let me walk through exactly what is included in our proposal and what may not be included in the other quote. Often, the difference is in security coverage, response time guarantees, or compliance support."

Respond (if budget constraint): "Budget constraints are real. Let's look at this two ways. First, the cost of not addressing [specific risk] could be [quantified impact]. Second, we could phase the implementation — start with [core services] at $[lower amount] and add [additional services] in [timeframe]."

Behavioral Tactic: Use partitioned pricing to break total into components. Use loss framing: "The cost of one ransomware event averages $150,000. Our annual program is $X."

Objection 2: "We are fine with our current provider."

Explore: "I am glad you have a provider you are satisfied with. Can I ask — if you could change one thing about your current IT support, what would it be?"

Respond: "Satisfaction with a current provider is understandable. Many of our best clients felt the same way. What changed their minds was [specific differentiator — security incident, compliance gap, growth that outpaced current provider]. We are not asking you to make a change today. We are asking for the chance to show you what is possible. Our security assessment is complimentary and might reveal gaps your current provider has not addressed."

Behavioral Tactic: Use curiosity gap. Complimentary assessment creates low-risk entry point.

Objection 3: "We need to think about it."

Explore: "Of course, this is an important decision. What specifically do you need to think through — is it the investment, the timing, or something about our approach?"

Respond: "I completely understand. Here is what I have found helps: let me send you a one-page summary of what we discussed, including the ROI projection. I will also include contact information for two clients in your industry who made a similar decision. Then I will check in on [specific date]. Does that work?"

Behavioral Tactic: Pre-commitment to specific follow-up date. Send social proof references immediately.

Objection 4: "The timing is not right."

Explore: "I understand timing is a factor. What is driving the timeline — is there a specific event you are waiting for, or is this about budget cycles?"

Respond: "Timing decisions are often about priorities. What I would ask you to consider is that every month without [solution] exposes you to [specific risk]. The [security incident/compliance gap/downtime risk] does not wait for budget cycles. We could start with a limited scope that addresses the most urgent items and expand from there."

Behavioral Tactic: Reframe inaction as active risk. Use urgency creation without artificial pressure.

Objection 5: "We handle IT internally."

Explore: "That makes sense for many businesses. How many people are on your IT team, and how do you handle coverage for vacations, sick days, and after-hours emergencies?"

Respond: "Internal IT teams are often excellent at day-to-day operations. Where we add value is in [specific area — security expertise, compliance knowledge, after-hours coverage, strategic planning]. Many of our clients have internal IT staff, and we work alongside them as an extension of their team. This gives them access to specialized expertise without adding headcount."

Behavioral Tactic: Position as extension, not replacement. Use in-group favoritism—compliment their internal team first.

Objection 6: "We had a bad experience with an MSP before."

Explore: "I am sorry to hear that. What happened with your previous provider?"

Respond: "That is unfortunately a common story. The MSP industry has a wide range of quality. What separates us is [specific differentiators — SOC2 certification, response time guarantees, vertical specialization, client satisfaction scores]. I would welcome the chance to earn your trust differently. We could start with a 90-day trial period so you can evaluate our service before a long-term commitment."

Behavioral Tactic: Trial period reduces perceived risk. Use authority transfer (certifications, scores) to rebuild trust.

Objection 7: "Your contract is too long."

Explore: "I understand the concern about commitment. Is it the length that concerns you, or is it about having flexibility if something changes?"

Respond: "Our standard contract is 12 months because it allows us to invest in onboarding and security improvements without losing that investment to early cancellation. However, we can include a 90-day performance review clause that gives you an exit option if we are not meeting agreed-upon service levels. We have never had a client exercise that clause, but it might give you the confidence to move forward."

Behavioral Tactic: Risk reversal through performance clause. Loss aversion on their side—they fear commitment; reduce that fear.

Objection 8: "We need to get other quotes."

Explore: "That is a smart approach. How many other providers are you considering, and what criteria will you use to evaluate them?"

Respond: "Getting multiple perspectives is wise. Here is what I would encourage you to compare beyond price: [list key differentiators — security stack depth, response time guarantees, vertical expertise, compliance support, vCIO services]. We are confident that when you compare apples to apples, our value proposition is the strongest. I would also be happy to provide references from clients who evaluated multiple providers before choosing us."

Behavioral Tactic: Define evaluation criteria favorably to your strengths. Provide decision framework that weights your advantages.

Objection 9: "We are too small for managed services."

Explore: "I hear that sometimes. What size do you think you need to be to justify managed services?"

Respond: "Size is less important than dependency. If your business stops when your technology stops, you need managed services—whether you are 5 people or 500. We have clients with 10 users who invest $2,000/month because a single day of downtime would cost them $15,000. The right question is not 'are we big enough?' but 'can we afford a significant IT failure?'"

Behavioral Tactic: Reframe from size to dependency. Use specific cost comparison.

Objection 10: "We just renewed with our current provider."

Explore: "I understand. When does that renewal expire, and what would need to be different for you to consider a change at that point?"

Respond: "Renewal timing is actually ideal for planning. Most organizations wait until 30 days before renewal to evaluate alternatives, which creates pressure and poor decisions. Let's schedule a conversation 90 days before your renewal so you have time to compare properly. In the meantime, I'd like to offer our complimentary security assessment—it will give you objective data about your current state regardless of timing."

Behavioral Tactic: Plant seed for future decision. Create obligation through assessment value.

Objection 11: "Can you match [competitor's] price?"

Explore: "I appreciate you asking. To make sure I understand, are the services and coverage identical, or are there differences I should know about?"

Respond: "We don't match prices on unequal offerings. What I can do is ensure you understand exactly what you're getting at each price point. Often, lower prices reflect reduced coverage, slower response times, or less experienced technicians. Let me show you a side-by-side comparison so you can make an informed value decision, not just a price decision."

Behavioral Tactic: Refuse to compete on price alone. Shift to value comparison. Use loss aversion on quality reduction.

Objection 12: "I need to run this by my [partner/board/spouse]."

Explore: "Absolutely. Is this person available for our next conversation? I'd love to answer their questions directly rather than putting you in the position of translating."

Respond: "I completely understand involving stakeholders. What typically works best is a brief 15-minute call with all decision-makers present. That way, everyone hears the same information and can ask questions directly. Would [day/time] work for that group conversation?"

Behavioral Tactic: Get all stakeholders in one room. Prevent broken telephone effect. Use social proof in group setting.

Objection 13: "This seems like overkill for our needs."

Explore: "Tell me more about what feels like overkill—is it the scope, the price, or something specific in the proposal?"

Respond: "I understand the concern. What we've found is that organizations often underestimate their exposure because they haven't experienced a major incident yet. Our 'Better' tier was designed for firms your size because it addresses the risks that are most likely but least expected. We could start with the 'Good' tier and build up, but I'd be concerned about leaving you exposed to [specific risk]."

Behavioral Tactic: Acknowledge concern without agreeing. Use availability heuristic—recent incidents in similar firms.

Objection 14: "We're planning to hire internal IT instead."

Explore: "That is a valid strategy. What role are you planning to hire for, and what is the budgeted salary range?"

Respond: "Internal IT is excellent for day-to-day operations. What most organizations find is that one person cannot cover 24/7, security expertise, compliance knowledge, and strategic planning simultaneously. Our model is to work alongside internal IT—as an extension that provides specialized expertise without adding headcount. Many of our clients have internal staff and still use us for security, compliance, and after-hours coverage."

Behavioral Tactic: Position as complement, not competitor. Use math: one person can't cover 24/7/365.

Objection 15: "We've never had a security incident, so we're not worried."

Explore: "I am glad to hear that. What security measures do you currently have in place that you believe are preventing incidents?"

Respond: "Not having had an incident is genuinely good news. The question is whether that's due to strong defenses or good luck. Our assessments typically find that organizations without incidents have a mix of both. The organizations that thrive long-term are the ones that don't rely on luck. Would you be open to a complimentary assessment that shows you objectively whether your lack of incidents is skill or fortune?"

Behavioral Tactic: Skill vs. luck framing. Complimentary assessment as low-risk validation.

Objection 16: "Your security stack is too expensive."

Explore: "I understand the investment feels significant. What are you comparing it to—your current security spend, or the total perceived risk?"

Respond: "Security stack pricing should be evaluated against the cost of a single incident, not against your current spend. The average ransomware recovery is $150,000. Business email compromise averages $120,000. Our full security stack for your size is $[amount]/month—less than 10% of a single incident cost. The real question is whether you can afford not to have it."

Behavioral Tactic: Loss framing. Compare to incident cost, not current spend.

Objection 17: "We already have antivirus, so we're protected."

Explore: "I am glad you have endpoint protection. When was it last tested against a modern ransomware sample?"

Respond: "Antivirus is important, but it is one layer in what should be a multi-layer defense. Modern threats bypass antivirus regularly. Our security stack includes EDR, email security, MFA, dark web monitoring, and user training—each addressing a different attack vector. Relying on antivirus alone is like locking your front door but leaving every window open."

Behavioral Tactic: Use vivid analogy (doors and windows). Layered defense concept is intuitive.

Objection 18: "Our data is in the cloud, so we don't need this."

Explore: "Which cloud services are you using, and who manages the security configuration for those platforms?"

Respond: "Cloud security follows the shared responsibility model. Microsoft, Google, or Amazon are responsible for their platform security. YOU are responsible for your data, your user access, your configurations, and your compliance. 19% of data breaches are caused by cloud misconfigurations—settings that your cloud provider doesn't control. We secure your side of the shared responsibility."

Behavioral Tactic: Educate on shared responsibility. Use specific statistic.

Objection 19: "We don't have any sensitive data worth stealing."

Explore: "That is a common perspective. What types of data do you store—client information, financial records, employee data, intellectual property?"

Respond: "Every business has data worth stealing. Client lists are valuable for competitors. Financial data is valuable for fraud. Employee data is valuable for identity theft. And increasingly, ransomware gangs don't care about your data—they care about your ability to operate. They encrypt everything and demand payment to restore access. The value is in your downtime, not your data."

Behavioral Tactic: Reframe from data value to operational value. Ransomware doesn't steal—it encrypts.

Objection 20: "The economy is uncertain, so we're cutting costs."

Explore: "I understand the pressure. Are you cutting costs across the board, or is there specific concern about the IT investment?"

Respond: "Economic uncertainty makes proactive investment more important, not less. Organizations that cut security and IT during downturns become easier targets—threat actors know defenses are down. Additionally, technology efficiency gains can fund themselves. Our optimization services typically find 20-30% IT waste that can be reallocated to security and proactive management without increasing total spend."

Behavioral Tactic: Reframe as optimization, not addition. Cut waste, fund protection.

Objection 21: "Our current provider says they handle security."

Explore: "That is good to hear. What specific security services do they deliver, and can they show you evidence of coverage?"

Respond: "Many providers claim security coverage but deliver only basic antivirus. The question is whether they provide EDR, SIEM, email security, dark web monitoring, vulnerability management, and user training. If your current provider cannot show you a security scorecard with metrics on each of these, there may be gaps. Our complimentary assessment will give you objective data about your current security posture, regardless of what you're being told."

Behavioral Tactic: Create information gap. Complimentary assessment as objective validator.

Objection 22: "This is a lot of change at once."

Explore: "I understand. Is the concern about the implementation complexity, or about the organizational adjustment?"

Respond: "Change can feel overwhelming, which is why we phase implementations. We don't flip a switch on day one. We start with the highest-impact, lowest-disruption changes—like MFA and EDR—then build from there over 90 days. Your team experiences improvement before they experience change. And our onboarding team handles 90% of the work; your team just needs to show up for brief training sessions."

Behavioral Tactic: Phase the change. Emphasize our effort, their minimal involvement.

Objection 23: "We had a better relationship with our previous IT person."

Explore: "I understand personal relationships matter in business. What specifically did they do that created that relationship?"

Respond: "Relationship quality is exactly what we prioritize. Our vCIO program is designed to create that same personal connection at a strategic level. You get a dedicated technology advisor who knows your business, attends your planning meetings, and is accountable to you directly. Many of our clients say their vCIO relationship is stronger than any previous IT relationship because it is strategic, not just transactional."

Behavioral Tactic: Translate relationship need to vCIO offering. Promise strategic depth over transactional service.

Objection 24: "We're moving everything to the cloud soon, so we'll revisit this after."

Explore: "That makes sense. What is your cloud migration timeline, and which workloads are you planning to move?"

Respond: "Cloud migration and managed services go hand in hand. In fact, managing cloud security, cost optimization, and user access is often more complex than managing on-premises infrastructure. We have a cloud migration practice and can integrate that work into our managed services program. Rather than waiting, let's build the relationship now so we can support the migration properly—and optimize the cloud environment once you're there."

Behavioral Tactic: Reframe as accelerator, not blocker. Cloud increases complexity; we manage that.

Objection 25: "Your reviews online are mixed."

Explore: "I appreciate you doing research. Which reviews concerned you, and what specific feedback felt relevant to your situation?"

Respond: "Online reviews are important, and I encourage you to read them critically. Every MSP with more than 50 clients will have some negative reviews—usually from clients who were not a good fit or had unrealistic expectations. What I would ask is that you speak directly with two or three of our current clients in your industry. They will give you context that reviews cannot. Would you like me to arrange those conversations?"

Behavioral Tactic: Acknowledge without defensiveness. Redirect to reference calls with ideal clients.

Objection 26: "We've always done IT this way, and it's worked fine."

Explore: "I respect that. What does 'worked fine' look like—no major issues, acceptable costs, good team satisfaction?"

Respond: "Tradition is valuable, but the threat landscape and business environment have changed dramatically. What worked five years ago is often inadequate today. We don't want to change what works—we want to protect it from new risks and optimize it for current demands. Think of it as upgrading from a smoke detector to a full security system. The house hasn't changed, but the threats have."

Behavioral Tactic: Respect tradition while introducing threat evolution. Upgrade analogy is non-threatening.

Objection 27: "We're considering [big brand name] instead."

Explore: "They are certainly a recognizable name. What specifically attracted you to them?"

Respond: "Big brands have resources, but they also have thousands of clients and standardized processes that don't adapt to individual needs. Our clients choose us because we offer [specific differentiators—vertical expertise, local presence, dedicated team, faster response]. With [N] clients, you're not a ticket number—you're a partner. Would you like to speak with a client who switched from [big brand] to us?"

Behavioral Tactic: Use David vs. Goliath positioning. Personal attention vs. scale.

Objection 28: "This decision isn't a priority right now."

Explore: "I understand priorities. What would need to happen for IT and security to become a priority?"

Respond: "Priorities shift when something forces attention—a breach, an audit failure, a client requirement, or a significant outage. What I would suggest is that we complete a complimentary assessment now, while it is calm. That way, if something happens, you have a partner relationship and a remediation plan already in place. Waiting until it's urgent usually means worse outcomes and higher costs."

Behavioral Tactic: Pre-position before crisis. Complimentary assessment creates relationship without immediate commitment.

Assumptive Close

"Based on everything we've discussed, the Professional tier makes the most sense. Should we get the agreement out today or would tomorrow work better?"

Alternative Close

"Would you prefer to start with the full implementation or phase it over 90 days?"

Summary Close

"Let me summarize what we've agreed to: [list]. This addresses [pain points] and delivers [outcomes]. Are you ready to move forward?"

Urgency Close

"Our onboarding team has two slots available next month. If we get the agreement signed this week, we can start [date]. Otherwise, we'd be looking at [later date]. Which works better for your timeline?"

ROI Close

"The investment is $[amount]/month. The quantified value is $[amount]/month. That's a net positive of $[amount]. Let's get this moving so you start capturing that value."

"Welcome to the team, [Name]. Today marks the beginning of what we hope is a long and valuable partnership. Over the next 90 days, our goal is simple: demonstrate so much value that you can't imagine going back to how things were.

Here's exactly what happens next:

Your dedicated team: [introduce team members and roles].

Your communication channels: [portal, email, phone, Slack/Teams].

Let's start with a tour of your environment and our first discovery session."

"[Name], I noticed [specific signal—ticket sentiment, delayed payment, missed QBR]. I want to check in directly: how are we doing? Is there anything we should be doing differently?

[Listen actively. Do not defend.]

Thank you for sharing that. Here is what I am going to do about it: [specific action with timeline]. And I will personally follow up on [date] to make sure it is resolved.

Our relationship matters to me. Let's fix this together."

"[Name], you've been with us for [period], and our operational relationship is strong. I want to introduce something that will transform how technology serves your business: our vCIO program.

Most organizations our size have a gap between day-to-day IT support and strategic technology leadership. The vCIO fills that gap. You get a dedicated technology executive who:

The investment is $[amount]/month. The alternative is continuing without strategic technology leadership, which means reactive decisions, missed opportunities, and higher long-term costs.

Would it make sense to start with a 90-day pilot?"

"[Name], [regulatory change/client requirement/industry trend] means compliance is no longer optional for organizations like yours. Here's what has changed:

[Specific regulatory or client requirement]

The organizations that get ahead of this will win new business and retain existing clients. The ones that wait will lose deals and face regulatory scrutiny.

Our compliance program includes:

Initial investment: $[amount]. Ongoing: $[amount]/month.

Would you like to start with the assessment?"

"[Name], your base managed services program is working well. I want to discuss upgrading your security posture.

Since we started, the threat landscape has evolved. [Specific new threat or regulatory requirement]. Organizations with your risk profile are moving from basic antivirus to full endpoint detection and response.

The security stack upgrade adds:

Investment: $[amount]/seat/month, or $[total]/month for your organization.

The question isn't whether you need this—every organization your size does. The question is whether you implement it before or after an incident. Let's do it before."

The MSP Growth System — Clozo Academy Premium Curriculum

Premium Scripts Collection | 28 Objections | $997 Value Edition