Some introspection is good for the soul they say, and I can’t help but try and apply that to how we, ie so called cyber security professionals, approach prospective clients, or indeed, converse with existing clients.  Is there a certain smugness involved where we believe we know best and whether we do or not, try and push what we think a client should have, rather than what a client needs.  Does this attitude, no matter how hard we try to suppress it, make prospective clients wary of what we have to say?

Of course we have our methodologies, particularly regarding risk management, and I am a great exponent of getting that right, but how many of us take the time and make the effort, to understand the clients situation.  It’s what we used to call situational awareness.  It didn’t just refer to a client understanding their own situation, but us appreciating that situation as well.  After all, not all clients, even those in the same vertical and the same size of business, has exactly the same problems.

A lot depends on who you are and who you work for.  The larger IT system integrators and consultancies do take the time to try and understand their clients.  In fact, going back to the early 2000s, working for a multinational IT product and services giant, we never actually outright tried to sell anything.  Our salespeople at the enterprise level, were very much relationship managers, they built relationships with their clients, got to know their businesses and made suggestions that the client might be interested in.  The mantra was that people buy from people, not from brands.  Brands are great in the marketing context, building awareness and a market presence, but they never seal the deal. 

Of course, at the start of a sales year some bright young thing sporting an MBA and a burning ambition would move the salespeople around, ruining years of relationship building and vertical knowledge, because ‘it needs shaking up’.  The end result is hacked off employees who look elsewhere and hacked off clients who think, well, if I have to start with someone else, I’d might as well see what else is out there.  But that’s a whole other story.

Research your client, understand their business, make sure you’re building a relationship with the right person.  Understand the industry, their pain points and needs.  Only then can you really start to craft a value proposition and call to action that the client can relate to.  Foster that relationship, make sure that not every call you make is about your products and/or services, make it more personal.  Above all, be genuine, it pays off in the end.

I guess what I’m getting at is that it really is all about building relationships with people.  You can have a deep understanding of your subject, fantastic product knowledge and a sparkling personality, but if you talk down to a prospective client, come across as in anyway condescending or patronising, you’ve lost the game.  You have to listen, ask intelligent questions, show that you are really interested in understanding the issues that face this prospective client, and make suggestions that might be suitable to solve the pain points being put in front of you.

We decided a couple of years ago, to offer a service which we entitle Board Advisor (https://hah2.co.uk/why-use-an-independent-board-advisor).  The point was not to try and sell solutions, not to try and sell any particular product, but to work with our clients to identify the issues they really do face and work through those issues to identify potential solutions that will help them in their business by protecting those critical assets that would cripple the business if they were not available or were corrupted in some way.  It’s all about putting appropriate measures in place before disaster strikes and preventing the vastly higher costs of recovery post-breach, from immediate financial impacts to lasting reputational damage.

The security threat landscape is becoming both more sophisticated and easier to exploit by the less sophisticated.  This seems to be at odds but such things as artificial intelligence (AI) is transforming nearly every industry, including cybersecurity. Whilst AI enables enhanced threat detection and response, this powerful technology can also be weaponised by cyber criminals. As AI-driven cyber-attacks grow more advanced, organisations must act quickly to implement robust defences.  Trying to keep abreast of this whilst running a business and focusing on your core requirements, is daunting and frankly, you’re not going to succeed.

If you’d like to discuss the art of the possible, give us call.