Look beyond the news cycle when selling cybersecurity solutions

Nov 26, 2019

Cybersecurity can be a tough sell at the best of times – like insurance, it’s a grudge purchase for most organisations. Much of the momentum in the market comes from the news cycle, with companies spurred into action when an exotic strain of malware or a massive data breach dominates the headlines for a few weeks.

Think back to 2017 when ransomware variants such as WannaCry, Petya and NotPetya dramatically brought a range of large organisations around the world to their knees. For a few months, there was a flurry of market activity as organisations scrambled to put solutions in place to protect themselves from the most newsworthy threat of the day—and then resumed business as usual when the news stories died down.

But the reality of day-to-day information security is usually more mundane than headlines about cryptojacking and ransomware. Here’s an interesting stat from the Ponemon Institute and IBM: the cost of the average data breach to companies worldwide was $3.86 million in 2018, but it took an average of 196 days for a firm to identify a data breach.

In other words, some of the biggest dangers are ones that lurk unseen for months—the accidental or deliberate leakages of data by a company insider, the employee who inadvertently opens a door to the company network by logging on with an unsecured personal device, the phishing attack that gets through the spam filter.

Getting to grips with these challenges demands a holistic, risk-driven approach – which is where the channel can add value. Resellers in this space should be focusing on helping their customers to get the fundamentals right and encouraging them to move away from a reactive stance on information security.

With so many mid-market organisations still not understanding what technologies are needed to protect against these threats, the reseller can be a trusted advisor to customers looking for the best protection against ongoing and sophisticated attacks.

Here are some elements resellers should look at as they strive to meet this goal:

•              Be educational—discuss the threat landscape with clients and the pragmatic solutions they need to secure their businesses. Rather than using news headlines to sow ‘fear, uncertainty and doubt’—which will make some customers cynical—offer more grounded examples of how information security best practices can help the business to succeed.

•              Focus on results rather than technology—if you talk to less tech-savvy mid-market enterprise about Security Information and Event Management or artificial intelligence, you may lose them. Rather talk about the outcomes you can help them achieve in terms of protection of private and confidential data, compliance, enablement of digital channels, and business resilience.

•              Help them understand it’s a multifaced challenge—businesses need to take a multi-layered approach to enterprise security that encompasses technology, process, policy and people. It’s not just an IT problem, but an enterprise risk management issue. Small and mid-sized businesses may not have the skills and capacity to manage the challenge, so they will appreciate the guidance.

With the information security industry shifting towards cloud-based offering and managed service provider models, channel partners have access to a range of affordable solutions they can take to market. But even more important than the tech is helping client to develop best practices that cater for all threats – not just the ones in the news headlines.

Resellers should thus be positioning themselves as long-term partners who are there to support the client’s strategic efforts in a world nearly every part of the business, from its customer-facing websites, stores and call centres to its logistics and supply chain depends on IT systems.