How MSPs Can Use Breach Reports in QBRs Without Fear-Mongering
Quarterly Business Reviews (QBRs) often drift into abstract talk: "threat landscape," "attack surface," "zero trust." Breach reports give you something more concrete: real data tied to your client's actual identities. Here's how to use that calmly and effectively.
Why breach data works so well in reviews
Breach findings are powerful because they are:
- Specific — "These five staff emails have known breaches."
- Visual — you can show counts, timelines, and affected services.
- Actionable — they naturally lead to steps like MFA, password changes, and manager rollouts.
A simple structure for breach-based QBR sections
You don't need a complex slide deck. Try this three-part flow:
- What we're seeing — a quick snapshot of breach exposure.
- What we've done — steps taken since the last review.
- What we recommend next — clear, prioritized actions.
1. "What we're seeing" — the snapshot
Examples of calm, plain-English framing:
- "Across 18 staff emails, we found 42 historical breaches. 10 of those included passwords."
- "Three shared mailboxes keep showing up in breaches, which suggests password reuse."
- "Several breaches involve tools your staff no longer use—there may be old accounts to close."
Stick to facts and avoid dramatic language.
2. "What we've done" — show your value
Connect breach findings to the work you're already doing:
- "We changed passwords and enabled MFA for all accounts with exposed credentials."
- "We reviewed which breached services are still in use and closed unnecessary accounts."
- "We updated your security awareness training to include recent phishing trends."
This builds trust and demonstrates progress, not just problems.
3. "What we recommend next" — clear, prioritized actions
Use breach data to justify a short, realistic roadmap:
- Migrate remaining shared passwords into a password manager.
- Finish MFA rollouts for finance, HR, and owner accounts.
- Schedule a quarterly breach review for new hires and high-risk roles.
- Run a focused phishing refresher after major breaches involving your industry.
Handling tough questions from executives
Common questions and calm responses:
- "Does this mean we've been hacked?"
  "Not necessarily. This shows that staff emails were part of breaches at services they use. Our job is to make sure those leaks can't be used to get into your current systems."
- "Are we in trouble legally?"
  "These are third-party breaches. We're focusing on tightening your controls so leaked passwords can't be used against you."
- "What's the one thing we should approve today?"
  Have a prioritized answer ready—often MFA, password manager rollout, or a focused hardening project.
Presenting breach data visually
You can keep the visuals very simple:
- Bar chart of breaches by role or department.
- Timeline of breach discovery over the last 12–24 months.
- Table of "Top 5 exposed services" used by staff.
Main rule: emphasize trends and actions, not just raw numbers.
The bottom line
Breach reports turn vague security conversations into grounded ones. When you pair them with clear, plain-English explanations and a short action plan, QBRs feel less like fear presentations and more like practical planning sessions.