How your cybersecurity might help you win business
Some companies may see it as a drag on time and resource, but improved cybersecurity could help you to win clients.
Instead of being seen as a purely defensive measure, cybersecurity might also be seen as a business enabler. In future, some companies might even see their own cybersecurity as a profit centre.
Cybersecurity is a ‘core’ part of the selection and contract process for 40% of companies, found Lockton’s UK Cyber Security Survey 2017. Conversely, 89% of companies said they ‘always or at least sometimes’ factor cyber risks into the creation or launch of new products and services.
Put simply, many companies are mindful of the importance of cybersecurity when choosing suppliers, or when trying to sell products or services. They appreciate the systemic nature of cybersecurity, and that their own cybersecurity cannot be optimised by just looking inward.
There are many high-profile demonstrations of this corporate reality. For instance, the data breach of US retailer Target in late 2013 was caused by cyber attackers accessing Target’s gateway server through credentials stolen from a third-party vendor. The breach resulted in around 40m customers’ data being compromised, and cost a total of $202m.
Safe pair of hands
A reputation for robust cybersecurity could make you more attractive as a vendor to other companies – particularly for more strategic, data-rich relationships and projects. Failure to demonstrate robust cybersecurity, on the other hand, could instantly disqualify you from some tender processes.
Medium-sized businesses that work with large companies could soon face a cybersecurity hurdle that prevents them from competing for business. Larger companies, in particular, are beginning to incorporate IT security requirements into their standard RFPs and bidding processes. Many companies are also stipulating that suppliers have a standalone cyber insurance policy, which covers not just financial loss but also data breach response services.
The concerns that companies have about prospective vendors’ cybersecurity will be magnified by the forthcoming General Data Protection Regulation (GDPR) – set to become effective on 25 May 2018 – which will impose more stringent regulatory requirements and raise the possibility of greatly enlarged fines.
As well as the various certifications that companies can acquire to help them to demonstrate robust cybersecurity (such as Cyber Essentials and Cyber Essentials Plus, or ISO 27001), having the right personnel can also make a critical difference when credentialling your company’s cybersecurity during a tender process.
This can be a particular challenge for medium-sized companies, who have less in-house IT resource. Such companies do not need a CISO (chief information security officer) in order to satisfy the needs of larger companies. It does help, however, if they have someone who is dedicated to IT security and able to:
understand the cyber risks their company faces
understand how to protect their company against these risks
articulate these matters internally and externally.
Even in today’s cyber-aware marketplace, smaller companies can work strategically with larger companies on data-centric projects – if they understand what big businesses are looking for and how they view cybersecurity. They do not need to have a similar amount of IT resource, and nor will larger companies expect this of them; they do, however, need to be able to speak a similar language.
Peter Erceg – senior vice president, Global Cyber & Technology, Lockton
Lockton Companies LLP is ACCA’s recommended broker for Professional Indemnity insurance. For information, please contact Lockton on 0117 906 5057.