Today, most companies know cybersecurity diligence is an
essential part of doing business. Yet, it may still be a bit of a surprise how extensively
cybersecurity has evolved to become an elemental business component that grows
revenue and opens doors for market expansion.

From contracts and financing to mergers and acquisitions, an
organization’s information security profile is a requisite value-add – and more
an asset than a liability when attracting new customers, buyers and suppliers.

Cybersecurity has wended its way so deeply into the core of
our collective business imperatives that enterprise valuation, investment
opportunity, customer acquisition, and other critical goals depend on a
company’s ability to demonstrate cyber health and resiliency.

In the Driver’s Seat: The Decision Maker

It isn’t only what companies are doing with security; who
is making the decisions is shifting as well. While it may be common knowledge
that CISOs, CEOs, and even boards of directors are getting involved in cyber
decisions, the security buyer has also moved laterally in the organization.
Increasingly, business units are getting in the game: product leaders (who own
the P&L of the product or service) are making key choices on compliance
frameworks, security testing activities, and vendor selections to better enable
the success of their products in a security-conscious market. Cloud migration
strategies have also changed the mix of today’s security initiatives and
compliance activities, affecting the decisions these professionals make.

Expanding Market Opportunities and Revenue through Security

Whether a company offers products or services, security is
becoming a necessity and, often, a contractual requirement. Where once the time
and costs of cybersecurity were considered unfortunate drains on business
resources with negative impacts on the bottom line, proof of cyber stature is
now a revenue enabler in numerous ways.

Opening new markets: We are seeing many cases where
markets or nations require proof of cybersecurity rigor before they will
consider purchasing a product or solution. For example, the federal government
is the largest consumer of cloud services, and any provider wishing to serve
this market must comply with the Federal Risk and Authorization Management Program (FedRAMP) and/or
other frameworks to tap into this massive opportunity. According to our recent
research, 33% more cloud solutions were
approved for government use in 2018 than the previous year, demonstrating that providers
are embracing the compliance path to opportunity. Hardware manufacturers in some nations may need
to prove their products are free of cyber vulnerabilities before entering new
national markets by undergoing penetration testing or other security testing
processes. Some companies can open new markets through partnerships with
third-party solutions providers—but third-party risk management becomes a
needed part of the security strategy. Additionally, international markets are
more accessible with proof of compliance with frameworks such as ISO.

Closing specific contracts: Customers no longer assume
a product or service is secure; many demand proof within their contract terms.
Examples include: a large university medical center being required to conduct
penetration testing or lose NIH funding; a large telecommunication
company being required to comply with NIST to secure a GSA Enterprise Infrastructure Solutions contract;
and countless cloud service providers securing government contracts with the
provision that they obtain FedRAMP Authorities to Operate or other framework demonstrations.

Positioning for investment or M&A: Cybersecurity risk has become
intrinsic to a company’s valuation. For investment or M&A activities, evaluating
a company’s cybersecurity posture is essential due diligence, as risk can
be—and has been—inherited and put deals and their prices at risk. This is a
tale that a prominent web services provider and retailer know only too
intimately: News stories have recounted cautionary tales of acquisition prices
plummeting many millions of dollars after unfortunately timed breach
disclosures, or an acquiring company being embarrassed by a breach disclosure
of their recently acquired asset.

Building security proactively into the solution: Because
today’s savvy customer expects that solutions be secure, more companies are
building security and compliance alignment into their solutions early, rather
than waiting for a customer to demand it at signing. A prime example can be
found in cloud solutions: while significant opportunity exists in the cloud
market (Gartner predicts up
to a trillion dollars of spend will be directly or indirectly affected by
the cloud over the next five years), security
is still a top concern. To get ahead of the concern, 80% of our business
comprises service providers requesting assessment of their products and/or designs
to build cybersecurity into the product, proactively meeting market security
demands.

Protecting the brand against revenue-impacting incidents: Security
incidents and publicly exposed vulnerabilities can damage a brand and hamper
future revenue streams. Many organizations are taking significant security
measures beyond compliance to defend against security incidents. Examples include:
helping a customer ensure a competitor can’t hack their unrevealed fashion line
before release; penetration testing automobiles to search for potentially
brand-damaging vulnerabilities before an incident can occur; conducting
comprehensive security testing of a medical device manufacturer’s physical
location to ensure physical security gaps won’t lead to malware implants that
can affect the hospital user base.

As a security professional, it’s refreshing to see something
so critical finally being embraced as a core business function that drives business
forward. As we enter a new decade, cybersecurity has emerged as a top-line,
revenue-generating component enabling expansion and growth into new markets. Organizations
are encouraged to make the best use of their security stature and promote their
investments to help gain competitive advantage – and to ultimately make
positive impacts on their bottom lines.

Paul Kleinschnitz is the Executive Vice President at Coalfire, a
provider of cybersecurity advisory and assessment services.