October 02, 2014 CYBER SECURITY, IT SECURITY

Monetizing IT Security

By Chad F. Walter

Showing IT security as a competitive advantage, or, in a nutshell, monetizing IT security, seems to be one of the biggest hurdles for many companies when trying to justify complex IT security investments.

As a vendor, this is the “Holy Grail” to the IT security tipping point – “If our clients see how IT security gives them a competitive edge, they’ll invest immediately.”

Here lies the challenge.  IT security has always been a line-item expense.  Unless your business is IT security, the expense sits firmly in the line-item cost bucket waiting to be cut out of the budget by the cost-conscious CFO.  This is business 101. Expenses directly connected to making money and driving revenue get top priority over expenses unconnected to revenue growth.  IT security investments end up alongside office supplies, urinal cakes, and coffee. Hold on, you say, this isn’t entirely true, and you’re right.

If you asked a company what was more important, having coffee in the break room or securing their network, what do you think they’d say?  Please tell me IT security.  Back to reality, guess what?  We all know what happens when there’s no coffee in the break room.  Adding to the challenge, it’s important to remember that IT security is complex, expensive, and no one (except the vendors, consultants and auditors) really understands it.  Even internally, most employees only acknowledge IT security when they can’t get to eBay or YouTube. Or when they’re not receiving those cool, flashy emails from the hot chick who wants to connect on Facebook.

Damn IT security.  Why do we spend all that money on IT security again?

If everyone hates IT security, how do we help our clients and prospects understand that it’s a huge, marketable benefit?  After all, in the event of a breach, it’s, usually, their customers who are first in line to feel the pain.  And here’s precisely where there’s a competitive advantage.  IT security clients should be promoting and selling the company’s superior IT security posture.  Why not?  If Target is breached, why shouldn’t a competitor reassure customers of their ability to keep credit card data safe?  Isn’t it important (and an enormous VALUE for me) to trust the safety of my financial data at my bank, or the privacy of my healthcare records at my doctor’s office?  As an IT security provider, maybe we, in addition to working with “decision makers,” should integrate with and support our clients’ marketing departments.

How much new business do you think a retailer could drive if they boldly marketed the investments they’ve made to secure their customers’ transactions?  Wouldn’t that be a true ROI on IT security investments?  Yes, there’s a connection between IT security and revenue.  It just needs to be leveraged.

Believe you me, I’m not naïve.  I completely understand the risks associated with putting a target on a client’s back.  That’s one of the major reasons why Network Box doesn’t advertise in airports, or broadcast to the world that we’re the best (insert sound of self-tooting horn, please).  Hackers tend to have huge egos. The second you imply you’re better than they, boom, they feel the need to prove you wrong. Even if it results in a gold star pinned on their future convict suit.  This just means we have to start the ball rolling with our clients and be smart about the approach we take.

There’s nothing wrong with saying “XYZ company has invested X$’s to create a shopping (healthcare, banking, etc…) environment you can trust.  We’ve always been committed to earning your trust as you leverage our growing online resources… (or something to that effect).”  Wouldn’t you agree this is much better than the dreaded “Mr. Smith; we regret to inform you that your identity may have been compromised…” letter?  I haven’t even begun to mention the inevitable media backlash, and ensuing legal and mitigation costs.  Talk about a zero value, line-item expense.

To summarize, here’s what I’m saying.

IT security investments can and must be monetized.  It’s important to our clients and vital to our clients’ customers.  We like to brag about our investments in R&D, innovation, corporate expansion, new products, sales capabilities, customer service, etc. The time has come to add IT security to the list.  After all, IT security is a key part of a company’s feature/benefits; it represents a huge competitive advantage and is a true value to consumers everywhere.