The government has refused such claims but the fact that the deal will otherwise save the taxpayer £120m over five years wasn’t the sole reason a non-British supplier was chosen. No, the government cited Gemalto’s superior track record on cybersecurity, which says a lot about cybersecurity’s lofty new status, as a “kingmaker”. Security is no longer the grudge purchase it once was – deemed necessary to mitigate the risk of reputational damage, operational disruption and lost business. A good reputation, robust security posture, and strong commitment to regulatory compliance can actually help organisations win new business and contracts. As such, SMEs should treat cybersecurity as the competitive differentiator that it is, by enhancing security processes and investing more in technology and training. Businesses that do so can then place their security status front and centre to elevate themselves above the opposition.
Why it pays to keep customers and partners happy
Cybersecurity is also vital for customer retention, not just acquisition. Just think how many people you know who used to be with TalkTalk five years ago versus today. If people lose confidence in a business, they are more likely to jump ship and move to a competitor. Estimates suggest that TalkTalk’s breach cost the company more than £60m in total. This can be less obvious but no less devastating in the B2B world, in which businesses may not need to suffer a breach to lose clients to a competitor. Today, enterprises are acutely aware of the risks posed by increasingly complex supply chain ecosystems, with hackers regularly seeking to compromise bigger organisations by targeting smaller partners and suppliers. Naturally SMEs want to do business with larger enterprises, so it’s vital to not be considered a weak link in the chain. Furthermore, as bosses introduce new products and services, they must ensure they hold their third-party suppliers to higher security standards. To avoid being caught out, suppliers must regularly assess and refine security processes and technologies.
Meeting buyers’ expectations
On the other side of the fence, what is it specifically that businesses procuring products and services are looking for from their suppliers from a security perspective? First and foremost, the single fastest way to be overlooked for a contract is a failure to meet core cyber hygiene standards, such as those endorsed by certification schemes like Cyber Essentials and ISO 27001/2. Good practice supported by such initiatives includes:
– Patching out-of-date software and applications
– Ensuring that safe provisioning and network management policies are in place
– Hardening the configuration of computers and network devices
– Securely setting up and maintaining boundary firewalls and internet gateways
– Performing regular vulnerability assessments
To even bid for a government contract related to the handling of sensitive or personal information, organisations require Cyber Essentials certification. It is increasingly a prerequisite in the private sector too. While practising basic cyber hygiene is an important first step, SMEs should strive to improve their security posture as far as possible beyond minimum standards. Data breaches are now an operational reality and businesses cannot afford to rest on their laurels and operate in the belief that their traditional security controls such as firewalls and antivirus will protect them. This approach is too reactive and has proved countless times to be woefully ineffective at safeguarding organisations against the latest advanced threats. To significantly reduce cybersecurity risk, all businesses should look to commission regular assessments, such as penetration testing, as well as implement controls and procedures to swiftly detect and respond to threats that evade the network perimeter. Nowadays, the risk of a data breach is far too big for any buyer to ignore.
Whether working for a government agency, traditional enterprise, SME, or even a fledgling start-up, buyers are inherently risk averse and, in 2018, this means they will choose brands and business partners that will help keep their organisation’s data and reputation intact. Only suppliers that meet the latest data protection standards and are firmly committed to cybersecurity best practice will thrive in an increasingly competitive and hazardous digital economy.
Andy Kays is CTO at threat detection and response specialist, Redscan.