It is so non-intuitive. Yet, each time I try to explain it, I get puzzled looks.
This is usually how it goes….
“I help business leaders create a cybersecurity program and story to unblock sales.”
“Huh?”
But it is true. More often than not our clients make the decision to hire us because they are facing serious sales challenges. Although every company and situation is different, it regularly follows this pattern.
A medium-sized cloud services provider is having trouble selling to large enterprises.
They face this hurdle because no brand name company wants bad press with their name associated with a cyber attack. They are putting pressure on their suppliers to have a stronger cybersecurity program to protect their products and their brand.
Here we can see the invisible hand of the free market working to help improve the security of all of our lives because, let’s face it, no one wants to be constantly worried about their cybersecurity. But this responsibility falls on a company’s ability to successfully sell their products and services.
Can you answer these questions favorably?
There are specific issues that are a red flag for most companies evaluating a smaller organization. Can your organization answer these questions favorably?
- Do you have a cybersecurity program?
- Do you have security policies that you follow?
- Can you explain the security of your product?
- What do you do for your organization’s security? How do you enhance your organization’s security?
If your sales team squirms when they hear these questions, you are probably hindering their ability to effectively sell.
You might not be losing sales, but your sales process could be grinding to a halt with your sales team running around trying to get answers to security questions instead of selling!
What do these companies have to do?
What a company really has to do depends on the industry but here are a few sure-fire things that will help across any industry.
- Actually have an implemented cybersecurity program. Just like any other program, have a person who is in charge. Empower that person to affect change across the organization and work to address your organization’s most pressing cybersecurity issues.
- Implement cybersecurity policies. Get a set of cybersecurity policies, read them, edit them, get organizational buy-in and roll them out to the company. The policies themselves are useless or can become a problem if they are not followed. You need to decide what you are going to do at your organization and then spend the time and effort to roll out those changes and be consistent.
- Have a web page, white paper or some other document that explains what you do with your cybersecurity program. If you can explain it (and it is true) then your customers can feel more confident that you are actually minimizing their cybersecurity risk.
But, what if that is not enough?
For 80% of customers, the above guidance is probably enough to make it through their approval process. For the remaining prospects, however, you will need to do more.
Many of our clients go to the next phase which is to achieve a certification or auditor assessment against a standard. In the US, the most popular is SOC 2 while we see ISO 27001 for clients with a more European focus.
These certifications/attestations require a big organizational commitment and are not a one-time activity. They require a persistent commitment. That, of course, is one of the reasons that customers highly value them. They know that organizations with a SOC 2, ISO 27001 or other similar certification or attestation demonstrate a certain level of maturity and commitment to security that few companies achieve.
That seems like a lot of work!
Getting your cybersecurity program off the ground is a lot of work. Now, if only there was a way for an outside firm to get your program going… Oh, yeah, that’s why I’m writing this. We have the expertise and resources to help get your cybersecurity program jump-started and get you through the certification process.
Please feel free to give Fractional CISO a call for a complimentary consultation so we can help you in getting your cybersecurity program off to the right start. We can be reached at (617) 658- 3276 or by email at [email protected].