Editor’s note: The opinions expressed in this commentary are the author’s alone. Brad Thies is a principal at BARR Advisory, which has offices in Kansas City. BARR Advisory, a cloud-based security and compliance solutions provider, specializing in cybersecurity, is a financial partner of Startland News.
Click here to check out more of this three-part cybersecurity series from BARR Advisory.
With cyberattacks and data breaches on the rise, consumers have grown increasingly concerned with how companies use, protect, and store their data. A survey from Ping Identity found that 63 percent of consumers believe that a company is always responsible for protecting their data. And according to the same survey, 81 percent of consumers would stop engaging with a brand online following a data breach.
These statistics highlight the importance of trust and security in the marketplace. Your customers want to feel secure, but they want the reality of security as well.
Securing any system comes with a price tag, and security spending has drastically increased over the past few years. Gartner estimates $150 billion will be spent worldwide on security and risk management in 2021. And while the increase in spending reflects a higher priority on security, it remains an unfortunate reality that many organizations skip over necessary security measures in order to cut costs.
When the average cost of a data breach in 2021 is $4.24 million, according to IBM, it’s understandable why security spending is on the ride. Using a cost benefit analysis, spending on appropriate security measures is always going to be less expensive than the direct and indirect costs associated with a data breach.
When it comes to security spending for startups, it’s important to draw the line somewhere. Instead of trying to purchase every security tool, focus on the solutions that work the best with your system. A trusted security partner or advisor can be helpful to determine the right tools and appropriate budget.
When security is used as a differentiator, it means that a business is thinking first and foremost about security as a core business function, not a compliance exercise. When organizations view security as a financial burden or a simple exercise in compliance, it is inevitable that corners will be cut and vulnerabilities will emerge.
For SaaS companies, using security as a differentiator often looks like building security into their system early on, during the startup phase. When a company designs and architects their system to be secure early on, they’ll be more prepared to handle security risks and compliance regulations in the future.
Once security is architected into a system, using security as a differentiator is much more than marketing the controls your business has in place — it means communicating transparency around the system’s security. This transparency is the most important part of security as a differentiator. Security becomes a mechanism that can be plugged into both your ecosystem and your customer. It’s important to also have marketing collateral to communicate information on your cybersecurity posture transparently. That way, when a new client or partner asks about your system security, you can position yourself as a partner on their journey.
What can a startup tangibly expect when they do bake security into their system early on? Consumer trust, and easier time scaling, and money saved in the future.
For both consumers and other businesses, startups often seem inherently riskier to trust their data with. Securing your system and communicating your security practices early on can combat that. It also makes it easier for startups to eventually scale without taking on security debt in the future — while baking security into the system may involve some spending earlier on, it will cost less than down the road when a business has a larger customer base.
Security comes first, compliance follows. This sentiment rings true for using security as a differentiator, as well. Once security is built into your system, compliance is then set to follow, allowing you to find common ground with stakeholders and communicate how you operate as a business. With compliance, you can speak the language of the industry, win more business, and reduce friction in your sales cycle.
Ultimately, prioritizing security and going beyond compliance as a checkbox exercise isn’t just good for your business — it makes a major difference for your customers and partners. When you communicate those efforts transparently, you can set your business apart from the competition.
BARR Advisory is a cloud-based security and compliance solutions provider, specializing in cybersecurity consulting and compliance for Software as a Service (SaaS) companies. A trusted advisor to some of the fastest growing cloud-based organizations around the globe, BARR simplifies compliance across multiple regulatory and customer requirements in highly regulated industries including technology, financial services, healthcare, and government.
Interested in learning more about gaining traction in your cybersecurity efforts? Contact BARR Advisory today.