Is it time to break up with your cybersecurity services provider?
New clients come to us for two main reasons. One, they’ve never used a cybersecurity services firm. Two, they fired their existing security provider. Here are the top reasons we hear why clients choose a new cyber vendor and symptoms of a successful client-vendor relationship.
Reason #1: Misaligned Expectations
Expectations can be misaligned at many points throughout the relationship, but it often happens starts during the sales process. If initial conversations aren’t transparent and candid, vendors can overpromise to please the client and underdeliver. It’s critical to document and agree on roles and responsibilities. Doing this well is fundamental to avoiding scope creep, ensuring the client’s priorities and needs are met, and solidifying a positive, longer-term relationship.
Reason #2: Lofty Goals While Ignoring the Basics
We believe that 80% of good cyber protection equals good operational best practices. Somewhat related to reason number one, some vendors focus on achieving lofty goals for their client without ensuring that the organization has good basic cyber hygiene in place in areas like Asset Management, Change Control, Device Lifecycle, etc. Clients might not realize that their best investment might be addressed by simple advisory and execution support.
Reason #3: Vendor Only Addresses What Client Asks
A cybersecurity services firm must add value. If we only take the client’s “order” and provide only what they ask for without asking the right questions and understanding the client’s business and cyber objectives, we’re not doing our job. We must add value by seeing beyond what’s in front of us and making recommendations in the client’s best interest.
Reason #4: Consultants Don’t Tailor Engagements
Some vendors hand over their best practices to the client or sell a standard set of structured services without meeting the client where they are. One size cannot fit all clients and those vendors who stick to a rigid delivery model are missing an opportunity to become a client-partner.
Reason #5: Never Become an Extension of Your Team
When a client doesn’t think of their cyber vendor’s team as an extension of his or her own, something fundamental is missing. The relationships that yield the most value and positive impact to the enterprise are those where the client just picks up the phone or shoots an email without hesitation.
Reason #6: New Client Leadership
If the company has a new business or technology executive, they may wish to make a permanent change or seek out a new vendor for their annual audit.
Reason #7: Lack of Transparency
Related to several other reasons, trust and transparency are fundamental to ensuring the client’s needs are understood and met. Clients need to be comfortable sharing critical information and consultants need to ensure timely and consistent communication around progress, concerns, and status.
Reason #8: Using Consultants Just to Validate Executive Opinion
When this happens, no one benefits. If a client just wants a vendor to validate current thinking without making their own assessment and recommendations, it can lead to dire consequences for both.
Reason #9: Hiring Familiar IT Vendors with No Cyber Track Record
Beware if you hear, “Let’s use xyz firm because they’ve done a bunch of IT projects for us and I’m sure they can help with cyber too.” It’s important to vet the firm’s capabilities and experience or risk compliance and security gaps aren’t addressed appropriately. And, it could turn a fruitful IT relationship sour.
Reason #10: Vendor is Acquired
If a cybersecurity firm is acquired, if there is inadequate communication and trust built, it can raise concerns that cause the client to begin looking for an alternative provider. Many clients don’t want to accept the risk of inevitable changes and disruption that an acquisition can create.
Secrets of Successful Cyber Vendor-Client Relationship
When a cybersecurity vendor-client relationship works, the benefits far outweigh the agreed-upon deliverables. Your team gains cyber confidence. Your company’s security matures. You can achieve your business goals via appropriate cyber controls.
Here are five characteristics that we’ve seen as the hallmarks of success:
- Your vendor is a partner where value goes beyond the contract. You’ve benefitted in ways beyond what you hired the firm to carry out.
- Your executive leadership sees the value of robust cybersecurity.
- The vendor engages more than IT, but has access to connect with teams around compliance, risk management, and business resiliency.
- Your staff makes time to work with the vendor, knowing that cyber issues can’t be addressed by outsiders alone.
What Makes a Win-Win Vendor Relationship for You?
If you’re experiencing any of the top 10 issues listed above, let’s talk. It can be refreshing to discuss your unmet needs and see a better option for achieving your business and cyber goals.