A/M/TEvery conversation lands on one decision: Accept, Mitigate, or Transfer.
ThreatCaptain Hub

The Decision Underneath Everything

Every conversation ends in one decision: Accept, Mitigate, or Transfer.

A/M/T isn't a section of the system — it's the decision layer. Discovery, assessments, proposals, QBRs, and renewals all land here.

Executives can decide on financial exposure. They can't decide on a tool list.

See A/M/T in practiceHow A/M/T fits into BOATS

The three decision paths

One risk. Three possible answers.

Every dollar of cyber exposure ends up in one of three buckets — financial decisions the executive can own.

A

Accept

Leadership understands the exposure and consciously decides to live with it. Deliberate, not ignored.

When it's right

  • Remediation cost exceeds likely loss
  • Low probability
  • Not operationally critical
  • Deferred priority

In practice

Legacy system
Deferred upgrade
Accepted operational limitation

Operational implication

Accept is documented expansion pipeline. Each accepted risk becomes a future conversation tied to a trigger event.

M

Mitigate

The business spends money to reduce likelihood or operational impact.

When it's right

  • Material operational risk
  • Justified remediation cost
  • Business disruption concern
  • Clear recovery requirement

In practice

EDR
MFA
Immutable backup
Awareness training
Incident response retainer
Managed security stack

Operational implication

Mitigate IS the proposal. MSP services answer a quantified financial problem — not a feature list.

T

Transfer

The business shifts financial consequence to a third party — usually cyber insurance.

When it's right

  • Catastrophic tail risk
  • Regulatory exposure
  • Operational survivability concern
  • Insurable financial consequence

In practice

Cyber liability policy
Business interruption rider
Crime / fraud coverage

Operational implication

Transfer creates recurring lifecycle conversations around renewals, compliance pressure, and coverage gaps.

Why this framework works

The language leadership already speaks.

01

CFOs and CEOs already use it.

Enterprise risk language — not cyber jargon. A/M/T maps onto how leaders think about exposure.

02

It creates a shared decision.

The customer chooses the path. The MSP guides the discussion. No one is selling — everyone is deciding.

03

The stack answers a financial problem.

The proposal stops being a service list and starts being the resolution to a quantified business question.

Why this changes MSP sales

The conversation reorganizes around the decision.

Discovery, proposals, QBRs, and renewals all tie back to exposure, consequence, and retained risk.

Traditional MSP conversation

ToolsFeaturesPrice objection

ThreatCaptain conversation

Financial exposureBusiness priorityRisk decision

A

Accept

Creates future expansion.

M

Mitigate

Creates proposal justification.

T

Transfer

Creates recurring insurance and renewal cadence.

A/M/T operationalizes how MSPs guide decisions at every stage of the customer lifecycle.

Scenario explorer

A/M/T in five industries.

Switch industries to see how the same framework allocates exposure differently — and what each allocation opens up for the MSP.

Total annual exposure

$3.8M

Law Firm
AAccept

15%

MMitigate

55%

TTransfer

30%

Operational risks

  • Privileged client data exposure
  • Wire-fraud / BEC against escrow
  • Court filing downtime

Mitigated stack

  • MFA on all matter-management systems
  • Immutable backups of client files
  • Email-borne threat protection
  • Quarterly partner-level awareness training

Retained risk

Legacy document-management server, deferred upgrade

Insurance allocation

Cyber liability + crime/fraud rider for escrow wires

MSP insight

Likely expansion conversation

Legacy DMS upgrade becomes the next business case once a partner asks about a competitor's breach.

Renewal trigger

Underwriter pressure on privileged-data controls at renewal.

Business continuity concern

Court-deadline downtime is the operational story that justifies recovery SLAs.

Proposal leverage point

Frame the proposal as protecting partner-track revenue, not as endpoint coverage.

How A/M/T fits into BOATS

The decision framework underneath the lifecycle.

A/M/T lives inside every BOATS stage.

B

Build the opportunity

Surface latent financial risk.

O

Open the conversation

Introduce the executive decision framing.

A

Accelerate

Quantify exposure and operational impact.

T

Tell the story

Position Mitigate recommendations.

S

Smooth sailing

Revisit Accept and Transfer in QBRs and renewals.

Read the BOATS overview

The customer owns the decision.

ThreatCaptain structures that decision in language leadership can act on.

The platform

provides the numbers.

BOATS

structures the conversation.

A/M/T

is the decision.

The report is not the product. The decision is.