Could your Business offer a Cyber Security Service?
The Cyber market is significant and constantly growing, with new entrants emerging almost on a daily basis often propped up by VC or private investors who see this as the next dot com. The problem is that without a ‘silver bullet’ product or recognised sector expertise, there is little to differentiate these consultancies who often offer little more than a ‘me too’ offering which is set to fail in a market that is fast becoming over broked.
However despite this wealth of choice there is conversely, a significant opportunity for firms that with a strong and trustworthy reputation and a ‘captive’ client base to provide additional cyber related services into their portfolio. The trusted partner status of a client relationship is hugely valuable in a market where the proposition is security of a company’s information. Firms that have professional services at their core can offer cyber services to their clients from either an internal or partnership white labelled approach, creating an additional revenue stream for little investment.
We are already seeing this across the market with high street banks, telecoms providers and insurance firms amongst others offering levels of cyber protection and service to clients and individuals. So why not professional services firms – where the links and trust with FDs, CROs are already in place.
Leveraging their client base
This has already begun in the legal sector, where large global law firms have built their own cyber security consulting practises to leverage their existing client base. They also possess a huge captive audience internally, where experienced lawyers each have their own client base that carries a level of cyber risk. Whereas previously, the lawyers would have turned to an external cyber expertise, they can now access skills from their very own cyber practise down the hall. It’s a win-win for them as they maintain more control of their case whilst keeping the money within the organisation.
Similarly, we’re seeing insurance firms recruiting cyber consultants to help clients understand their cyber risk and in some cases, also offer an incident response service, in effect providing a managed security service, assessing and remediating risks, pricing and issuing coverage alongside SOC and incident response services. Having an added element of consulting expertise as part of a ‘wrapped’ insurance agreement adds a huge benefit and sense of assurance to their customers.
When thinking about cyber risk, everyone is vulnerable – every company that holds information is at risk and their customers are vulnerable. So are other professional services organisations missing out on an opportunity here?
We’ve started to see changes in the cyber security world, with mergers and acquisitions taking place as companies realise the value of working alongside cyber experts, e.g. Aon and Stroz Friedberg, Control Risks and Hiscox. But what if your professional services firm can’t find the right cyber business to partner with? Could you start to build your own practise?
If you already have an existing portfolio of clients using your service where trust and confidence has been built up over many years of excellent service and advice, could you sell additional services such as cyber if you had the capability?
Let me put it another way: you’ve identified a cyber security awareness issue in your firm. Who would you ask for a solution? An external supplier with whom you have no relationship or an established provider that you know and trust?
There is a clear gap in the market when it comes to the professional services industry – and some huge opportunities. Many firms could take advantage of their customers’ cyber risks and sell consulting services to them. All they need to do is build their very own capability or find the right partners to offer a white labelled service.
How to build your own cyber security team
If you already have the structure, the tools and the finances to run a professional services firm, it wouldn’t take much to build a cyber arm. You would need to start with a strong leader, someone who’s commercially driven, who is always happy to be in front of clients and the face of the company. Once you’ve identified the areas of cyber security you want to specialise in, whether this is penetration-testing, incident response, cyber risk strategy, security operations management etc. you can go to market to find cyber security professionals to be part of your strong and robust team. You already have the reputation, the strong brand image, the client base and the back office functions, so what’s stopping you?
If you’re reading this and thinking “It’s not that easy to get cyber talent” then don’t panic. Hawker Chase’s network of cyber professionals is vast, but in addition to this, we also run a cyber security training academy alongside PGI in Bristol, where we retrain ex-military personnel, those returning to work, ex-police and neuro-diverse candidates, giving them a long list of GCHQ accredited qualifications and the soft skills to succeed in a consulting role.
There will always be challenges when recruiting cyber expertise, it’s a very competitive market and there is a well-reported shortage of top tier candidates. However, most cyber professionals work in this field because of the work they’ll be doing. Being able to offer them something different, something that has an element of risk to it and gives them the autonomy to grow will help you attract and secure the best candidates. Another challenge is to make sure you have your own house in order when it comes to cyber security: are your networks secure? Do you have the right tools and resources? Are you on top of GDPR and where your data is kept? Making sure your own firm is leading the way will definitely help when selling your services to external clients, as well as showing them you have the capability to deliver!
Partners offer a cost effective route to test the market. Should you think that you have a receptive client base, then educating your partners or BD professionals or hire a specific security specialist BD professional. We can then introduce various organisations to build out a cyber ecosystem to offer to your clients. This will range from high level strategic cyber advisors with considerable experience gained from being a CISO at major global organisations to those with specific expertise gained within Government or the Agencies. There are small specialist consultancies with industry specific expertise and of course market leading, tried and trusted technology for each element of the cyber ecosystem. This is in effect a try before you buy strategy as should you grow this revenue stream as the owners of the client base you can begin to build your own business.
Get in Touch
If this is of interest then we would be delighted to come and meet and give you an overview of the market and investigate the various opportunities presented by this growing and dynamic market. Email us or call 0203 824 0872.
To download this article please click here