Security: Don’t Forget To Address Risk
If solution providers want to make the business case for security to their clients, they need to have the right kind of conversation about risk, according to Scott Borg, director and chief economist of the U.S. Cyber Consequences Unit, a nonprofit that focuses on fighting cyberattacks.
Where security sales normally go wrong is when the discussion with clients includes false promises, gets too technical or focuses on fear or bogus cybersecurity metrics, Borg said.
CHANNEL ADVICE: Borg said solution providers should have conversations around the business risk of security. Specifically, they should look to quantify the risk cybersecurity poses to a business, then focus on how technology can reduce that risk and make it as manageable as possible, he said. Having a conversation about the direct risk value cyberattacks pose to a business helps business leaders understand the real impact an attack might cause on their business, and, from there, make informed investment decisions about opportunity cost and risk tolerance.