Heimdal

Most MSPs will tell you their worst nightmare is getting a call that a client has been breached. Dan Di Pisa lived that nightmare and then did something extraordinary. He paid his client’s $30,000 ransom demand out of his own pocket.

The result? He tripled Fusion Cyber Group’s revenue in two to three years without adding a single new client.

This isn’t a story about luck or market timing. It’s about an MSP owner who took his worst day and transformed it into his biggest competitive advantage. Here’s what Dan learned, and what it means for every MSP trying to navigate the increasingly complex world of cybersecurity.

When Everything You Think You Know Falls Apart

In 2015, Dan thought he was running a solid IT services operation. Fusion Cyber Group (then called MAR Computer Systems) had evolved from a PC builder competing with Dell in the 1980s to a proper managed service provider. They were proactive, they monitored systems, and they had moved away from hourly billing to recurring revenue.

They also thought they understood backups.

“This particular business had about 75 users, seven servers, a few remote sites,” Dan recalls. “We had recommended that they swap out their NAS drives weekly and keep one offsite in a bank safety deposit box. You figure, what could be safer than that?”

On a Monday morning after what seemed like a routine weekend, everything changed. All seven servers were encrypted. Complete ransomware takeover.

But here’s where the story gets interesting and terrifying.

When they rushed to the bank to retrieve the backup drive, they discovered the hackers had encrypted that too. The attackers hadn’t just broken in over the weekend. They’d been living in the network for two to three weeks, learning the backup routine, timing their attack perfectly.

“They encrypted all the data on that drive right before it was about to be disconnected and swapped,” Dan explains. “As soon as the new drive was connected, they encrypted that one too.”

The $140,000 Decision That Changed Everything

The initial ransom demand was $140,000 in Bitcoin. For a mid-sized MSP, that’s not just a client problem but an existential threat.

Dan made a choice that would reshape everything: he absorbed the cost himself.

“It felt wrong for the client to be faced with this, besides the downtime and business interruption that was inevitable,” he says. “We had recommended certain services, the client had followed our recommendations, and this was the result.”

After negotiations on the dark web using what Dan believes was ProtonMail, they managed to get the ransom down to $30,000. Dan learned about cryptocurrency exchanges, storage wallets, and the mechanics of paying cybercriminals. Knowledge no MSP owner wants but many eventually need.

That $30,000 payment became the foundation of a business transformation.

The Security-First Philosophy That Broke Industry Rules

Most MSPs treat cybersecurity as an important add-on. Dan took a different approach: he put cybersecurity ahead of traditional IT support. Not equal to. Ahead of.

“Cybersecurity has to be the primary focus, and then the IT stability and reliability of the equipment has to almost be secondary,” Dan explains. “It has to be a security-first approach for any MSP.”

This philosophy directly challenges how most MSPs structure their businesses. While his peers were still positioning security as a value-add service, Dan rebuilt Fusion Cyber Group as a managed security service provider first.

The results speak for themselves. By focusing on what he learned from that painful ransomware experience, Dan tripled his revenue in the following three years without acquiring any new customers. His existing clients simply bought more cybersecurity services and trusted him to manage it all.

The Numbers Approach That Actually Works

Here’s where Dan’s story gets practical for other MSPs. He discovered that clients don’t buy cybersecurity features; they buy protection from quantifiable business losses.

“Every customer understands numbers. Most don’t understand technology,” Dan says. “Instead of describing security value with words, I calculate the annual cost of downtime, factor in breach probability, and show clients the ROI in dollars.”

This isn’t about fear-mongering. It’s about presenting security as business continuity insurance with a specific dollar value attached to it. When a client can see that a security investment costs $50,000 but protects against $500,000 in potential losses, the decision becomes straightforward.

The Assessment-First Strategy

Dan’s approach starts with a fundamental principle: secure yourself before you secure others.

“Find a reliable assessment methodology or partner with someone,” he advises. “Choose a framework like NIST, CIS, whatever it is, and start identifying your gaps.”

This internal-first approach serves two purposes. First, it ensures your MSP can actually protect clients because you’ve already solved the same problems internally. Second, it creates authentic expertise. When you tell a client about a security challenge, you’re speaking from experience, not a vendor datasheet.

“Once you fortify yourself, then everything you learn fortifying yourself will just translate into what you’re gonna offer your customers,” Dan explains.

The Tool Sprawl Reality Check

Dan’s experience mirrors what research shows about MSPs today: they’re drowning in security tool complexity. His team went from managing relationships with a dozen separate security vendors to using Heimdal’s unified platform specifically to reduce complexity.

“You run out of real estate for all these dashboards that need to be open,” he says.

This connects to a broader industry problem. MSPs are using an average of five security tools, with many struggling to integrate them effectively. The sweet spot isn’t more tools. It’s the right tools working together.

Dan’s dashboard consolidation wasn’t just about convenience. It was about being able to actually manage security at scale without burning out his team or missing critical alerts in the noise.

The Red Flag That Predicts Failure

When asked about the most overlooked warning sign that an MSP client isn’t truly secure, Dan doesn’t mention technical configurations or compliance checkboxes.

“Customers having the belief that they’re too small to be targeted,” he says. “If someone believes that, then they’re definitely not investing in anything that they should be investing in to protect their business.”

The psychology matters more than the technology. Dan sees this mindset in MSPs too, which creates a compound risk.

“That two-man shop is potentially servicing 10, 20, 30 different businesses,” he points out. “So yeah, they’re an attractive target for hackers.”

The red flag isn’t technical. It’s psychological. If a client or an MSP thinks they’re “too small to matter,” they’ve already lost.

What This Means for Your MSP

Dan’s story offers three practical takeaways for MSPs trying to navigate cybersecurity complexity:

Start with internal assessment. You can’t protect clients from threats you haven’t solved in your own environment. Choose a framework, identify your gaps, and secure yourself first.

Quantify everything. Stop selling cybersecurity features. Start selling business continuity insurance with specific dollar values attached. Calculate downtime costs, breach probabilities, and ROI.

Reduce complexity, don’t add to it. More security tools don’t equal more security. Focus on integrated solutions that reduce dashboard sprawl and alert fatigue while improving actual protection.

The question isn’t whether your clients will face security challenges. It’s whether you’ll be ready to turn those challenges into deeper partnerships and higher revenue—just like Dan did.

His worst day became his biggest competitive advantage. The same opportunity exists for every MSP willing to put security first and learn from the experience.
