Cybersecurity gets lots of press these days and for good reason. The impact of a cybersecurity event on your clients’ business dwarfs most conventional security incidents, other than extreme workplace violence or random acts of terror. Unlike other security events, cyber attacks can be stealthy, represent long-term financial liabilities and negatively impact customer trust in their brand. Not a good day if you happen to be the CIO, CISO or CEO who must answer to their board and shareholders.
As a systems integrator, what is your resistance, risks and opportunities to include cybersecurity in your product offerings? The obvious business resistance I hear most is, “We don’t have the experience, expertise or talent to work in the cybersecurity market,” and “We are not sure how we dip our toe into this cyber pond.” The less obvious reason is time: “We are so busy running the business we know, how can we possibly take on something this complex, scary and out of our comfort zone?” Does this sound familiar?
When the business is running, I understand why you might raise these objections. However, those who build sustainable businesses adapt, innovate and prevail as history shows … recent history actually. Let me ask you, did you have the same thoughts, rationalization and internal discussions about IP video 10 years ago? Are you installing IP video today? How did you get there? Did a customer or project require you to adapt or would you lose the opportunity? One toe at a time my friends! Let’s delve into the dipping process for cyber.
The risk is getting left behind by your existing customers and new prospects who are very concerned about the ongoing threat of cybersecurity, that’s what. If a competitor offers all the traditional security services you offer, has a pretty good reputation like you do, is competitively priced like you are plus provides some cybersecurity offering, well they just differentiated themselves right past you. Trust me; it won’t be about price either! I appreciate the business philosophy of sticking to your knitting until the market wants buttons on their sweaters and you only knit pullover sweaters. If you recognize that this cybersecurity thing can be a manageable risk worth exploring, then the return is GROWTH. Specifically, profitable growth, which is the only growth a business is really interested in.
Look first at your existing customers. Have a management-to-management discussion about their concerns and plans for cybersecurity protection. Nothing in my book reduces the queasiness of uncertainty like looking a customer in the eye and understanding how you can help them get what they need. I suggest shooting for three to five conversations over a six-week period. Salespeople are welcome to tag along, but understand, to uncover opportunities this is a more senior-level discussion. Expanding your service offerings to existing customers is by far your lowest cost of sales and highest profit margin sale — period.
Next is recognizing that you can’t show up for a game of hardball with a Wiffle ball in your glove. Take the time to explore the rules of this new game and align yourself with a business network that understands these rules. Finally, explore the level of demand/concern for these services with your trusted fans/customers. Recognize that the cybersecurity landscape is populated with many levels of protection, hardware/software products and cybersecurity as a managed service (CSaaMS). Start with the basic cyber hygiene of the products you currently sell and install such as IP video, access control and intrusion systems.
Are you compliant with industry best practices for cybersecurity hardening? If not, this is your first step. Second, after these best practices are part of your installation disciplines make sure you let your customers know what you are doing to protect them. This is a great way to differentiate yourselves in your market. Look for CSaaMS partners that are also seeking out partners in the physical security arena and will share revenues (spelled RMR) for bringing them new customers. The key here is allowing these partners to do the heavy lifting with expertise, experience and services while you remain relatively passive but persistently observant.
These revenue streams can help you begin funding training of your teams, recruiting new talent, and exploring baby steps into the cybersecurity marketplace. Of course, as with any new endeavor there’s a good news/bad news scenario. The good news in this case is that your existing customers will appreciate you bringing them vetted solutions to help them get what they need. The bad news is that you will have to become comfortable building partnerships and letting go of some control, which in our industry is often our biggest challenge.