How to use your Security Packages with clients and prospects

Security Packages are where your hard work turns into revenue in HighGround - helping your clients improve their security posture and end the confusion (wait, who switched the lights on . . .?)

These packages don’t just beef up your clients' cybersecurity; they also serve as a crystal-clear roadmap, showing them exactly what they’re getting for their hard-earned cash.

No more blank stares when you talk about "enhancing their security posture"—they’ll see the value, and you’ll look like the cybersecurity rock star you are. 🚀

When building your Security Packages in HighGround, you've got two options to choose from - standard and custom.

☕ Standard Packages – These are your go-to, one-size-fits-most security bundles. Designed by you, they’re built to give your clients a solid security posture without the guesswork. Think of them as your reliable, well-balanced security meal deal.

🎨 Custom Packages – These are the tailor-made, VIP experiences of the security world. Built around a specific client’s needs, they’re the cybersecurity equivalent of a bespoke suit—fitted, precise, and designed to make that one client feel extra special (and extra secure).

To learn more about security packages, read our Building your Security Packages article.

The price your clients pay for security in directly linked to the count of their assets, so you need your security package prices for clients to automatically adjust based on the number of assets they have. More assets? Higher price. Fewer assets? Lower price. Simple, right?

When you go to Security Packages for a client, you’ll be able to define their current asset quantity. If you click 'Get assets', you will see a list of assets you have synced into HighGround from your integrations such as PSA, RMM etc.

Simply changing your clients asset count will instantly update the price for all of your security packages - no lag, no manual recalculations and definitely no excel spreadsheets - just real-time pricing magic!

Now you can spend more time with clients discussing which security package best meets their needs and budget and less time on security reports and email proposals - what's not to love!

Security Packages in HighGround are designed to be flexible and reusable. When a clients exact asset quantities are factored in, the exact price is generated on the spot.

This dynamic, scalable approach is what makes HighGround’s Security Packages a powerful, efficient, and headache-free way to quote your clients for cybersecurity.

The breakdown of this pricing is visible when drilling into the package, which is covered in more detail below.

Security Packages hold a lot more information and functionality than just being able to visually show them their future cyber security posture - it's a comprehensive proposal including security components, features, financial breakdown, predicted security scores, included security tools and alignment to the NIST Cybersecurity 2.0 Frameworks.

There are loads of individual details to a security package that make up the final proposal, including:

Basic Details: These include the package name & description that your client sees.

Type: Whether it's a standard security package or a custom one you created for a specific clients needs.

Services: The services that are provided within the package

Financial Breakdown: This includes a comprehensive financial analysis of the security package, including:

Security Capabilities can be shown in one of two different views - by NIST CSF Function or by Security Pillar.

These two options will both show you the security components of the security package organized in different ways, designed to help your clients understand what security is provided in a simple and understandable way. The differences between these 2 different views are detailed below:

These align with the following five core functions of the NIST Cybersecurity Framework 2.0:
​
✅ Identify – Know what you’re protecting.

🛡️ Protect – Keep the bad guys out.

🔍 Detect – Spot threats before they become disasters.

⚡ Respond – Take action when things go sideways.

🔄 Recover – Get back on track after an incident.

These functions are automatically inherited from the security components mapped to the NIST CSF Framework. Since this is an international cybersecurity framework, they’re set in stone - meaning you can't change or tweak them - which is a good job because we spent months doing the hard work for you!

Think of Security Pillars as the plain-English version of cybersecurity for your client - something business owners and management teams can actually wrap their heads around (without their eyes glazing over).

Instead of diving into deep technical jargon, security components are grouped into functional areas that make sense at a glance. Your options include:

🔐 User Security – how you are keeping the humans from being the weakest link.

💻 Device Security – how you are protecting devices from cyber-attack.

🌐 Network Security – how you are keeping internal and external networks safe.

☁️ Cloud Security – how you are protecting cloud infrastructure e.g. Microsoft 365.

🔄 Business Resilience – ensuring you achieve cyber-resilience if the worst happens

📜 Compliance – keeping those auditors and regulators happy, and fines at bay.

Unlike with NIST CSF functions, you have control over how the security components are arranged in the security pillars. This is done on a per-security-component level when building out their security services.

When you dive into security packages, you’ll get a sneak peek at your client’s security posture—the cybersecurity equivalent of a "before and after" photo. You’ll see where their security stands now and where this shiny new security package will take it, aligned to the NIST Cybersecurity 2.0 Framework.

The visualization we provide with the NIST Functions show your client’s current security posture against the glorious heights their score could reach if they opt for the security package you are proposing.

And if that wasn’t enough to make you feel like a cybersecurity superhero, you'll also see their predicted Cyber Resilience score and Cyber Score and exactly how much improvement (%) the security package will boost their security by.

You will see your client’s current security posture outlined in a blue dashed line, while their new posture (with your package applied) shows up in the colour that is applied to the package. Think of it like a before-and-after shot.

But what if your client likes what they already have and just want to enhance it rather than replace it?

No problem! Click 'Merge' and both postures will morph into one, keeping their existing security strengths while layering on the new improvements from your package.

When in a security package you’ll get a full financial breakdown of how the price was calculated. You'll see:

These numbers are based on the estimates from when the security package was created, but we know life (and client environments) change faster than you can say “unpatched vulnerability.”

That’s why you can override these numbers to get a more accurate and tailored price for your client.

So, you’ve built the perfect security package—checks all the boxes, thought of every possibility - but there’s one problem - the client's arguing about the qty of users or devices.

No worries! You don’t have to scrap the package or break out an excel spreadsheet - just override the price.

To do this, simply head over to the financial breakdown of the package, tweak the quantities, unit prices or both, and boom - problem solved.

Now your client gets the right protection at the right price, and you get to look like a pricing wizard without breaking a sweat.
​

When applying a package to a client, you might notice they’re already paying for some of the included services. Instead of double-charging them (which, let’s be honest, wouldn’t win you any popularity points), you can contribute their existing spend.

This subtracts what they’re already paying from the cost of the package, making sure they’re only paying for what’s new - and keeping your billing transparent and fair.

There's a lot of detail going on in the financial breakdown of a security package in HighGround - so this is where we pull it all together for you.

This is also your go-to spot for adding discounts. You know the drill - when your client starts giving you that “I-love-it-but-my-budget-hates-it” look.

Instead of making life complicated with creative discounting ideas or screwing with individual product and service prices, just slap on a discount and call it a day. After all, you're in business to make money, right?

Nobody likes mystery charges (looking at you, streaming subscriptions), so the Included Features section lays it all out for your clients.

They'll see every security service that's included in the security package, along with every individual feature that's included in those services - talk about transparency!

This is where all the nitty-gritty details (that you're client doesn't really care about) about the actual security components included in the security package appear, along with the products that you use to deliver them.

And because we love keeping things neat and tidy, this information is pulled directly from your Security Services and Security Stack.

To learn more about security stack module read our Building your Security Stack article.

Now we're really splitting hairs - as the saying goes, you gotta 'sweat the details'. - BUT, you're clients don't!

Every NIST sub control (aka controls) of the security components you included in your security services (and thus added to your security packages) are defined here as statements of work - what you will do as part of this service - together with the sub control ID in the NIST CSF Framework

So whether your client is a compliance stickler, is look for re-assurance or needs the details for a contract, we've got you covered. Nothing says professional like say Yes in meetings and backing it up with the documentation afterwards.

You know you're an MSP when, after you spend 2 hours in a security presentation with a client, they ask you to send it all over in an email or report!

Instead of spending late nights and weekends trying to fulfil these frustrating requests, just export it to a pdf and send it to them!

This creates a detailed, professional layout of what you’re offering, so they can review it on their own time.

You can even control exactly what you include in the report - that's right, no one size fits all reports that you can't send to clients without them picking holes in them. You can toggle off sections when exporting, ensuring they only see what you want them to see.

So next time your client or prospect asks for you to send it over in a report, you can turn your 'omfg' into 'with pleasure'! 🚀

You've done it - you've sold your client on your security package and it's time to apply it to them in HighGround, as follows:

Open the client > Security Packages > Find the security package > Click ... > Select 'Apply Package'.

When applying the security package, you'll be prompted as follows:

When a security package is applied to a client, you will see a 'Managed' label when looking at the clients CyberScore drilldown, as follows:

This is to prevent you from overriding this manually when a package is applied. To change these security components, you can either update the security package or set the package as Inactive, i.e. un-apply it. You can do this the same way as applying a package, and selecting 'Set as Inactive'.