7. Clients Don't Realize They're A Security Target

While clients might have heard of CryptoLocker ransomware, Tinnirello said they typically don't believe they'd have what data hackers would want.

Hinrichsen urged MSPs to tell real-life stories about companies that were hit and the impact on their businesses.

"It's not just nation-state clients they're going after," Hinrichsen said.

Tinnirello said Anchor Network doesn't have enough stories about small businesses getting hit, which poses a problem since clients will typically tune out if he raises breaches at a Fortune 50 company, such as Target.

"Until it happens, people want to learn the hard way sometimes," Tinnirello said.