Growing UK cyber

CISO wishlist: what can startups do better when selling in to enterprises?

Businesses are being bombarded with more cyber attacks in a greater number and variety than ever before. But while this could be considered good news for cyber startups to sell new solutions to enterprises, they still need to provide products that are attractive to an array of organisations. 

With a plethora of products on the market, it’s important that CISOs are able to seek out the best products to meet their specific needs – as well as understand what is best value for money. This is especially true in the wake of the pandemic,with homeworking changing the cyber needs of most businesses.

As the number of cyber attacks taking place continues to grow, we’ve also seen a proliferation of solutions that both potential customers and investors find hard to navigate. Despite this, it’s important CISOs cut through the marketing nonsense when finding the best product. And for me this always centres around value for money. 

A common solution I recommend organisations implement is an enterprise password manager, since most cyber attacks in the workplace are a result of weak passwords. It’s easy for businesses to implement and a robust password or access management policy can prevent a lot of damage being done by cyber criminals. 

Training is another solution that’s is also good value for money, since employees frequently fall victim to phishing attacks. For example there is Beauceron, which educates employees on what phishing is and looks like – as well as the importance of not clicking on suspicious looking links. 

It’s a massive red flag when cyber startups market their product as a silver bullet by stating one specific product alone is the solution to all the cyber needs of an organisation. This is rarely the case, with a multitude of different products working side by side required to provide adequate protection. 

Having a product that integrates with an enterprise’s existing IT infrastructure is key for a cyber startup to consider if they want to take the market by storm. It also helps if a product is easy to set up and is either maintained as part of the package or requires little maintenance. 

Put the customer first and thw power of clear communications 

Startups that take a more personable and case-by-case approach often come out on top. It’s important to understand what a customer requires. There’s no point in building a fantastic product if it’s going to be tricky for a customer to use. If it requires them to recruit a cyber specialist to manage and operate, it will be a much harder sell. 

Startups also need to speak in plain English and avoid marketing patter that states the obvious. CISOs and security staff will be very busy, so your initial approach is key. Cold calls and generic marketing emails will be off-putting for many. 

Personally, I’m at my most open while at conferences and seminars. It’s great to hear about a case study of an existing customer and have the chance to see a demonstration. Work hard on your elevator pitch to obtain that initial spark of interest. Pay attention to the usability and visuals of your product. Your user base is likely to be very different to the person signing off the budget. For example, a security analyst will want to manipulate the data every which way whereas a CISO will want to see the trends, and the CTO will be considering whether the dashboard will look good displayed on the wall to impress new customers.

It’s important startups do all they can to provide the solutions customers are after and to stand out from the crowd. Understanding the customer and providing products that meet their needs must always be at the front of mind for a startup wanting to make waves. 

Cath Goulding, is a CISO at Nominet – the company that guards the UK domain registry and delivers cyber services to the government and enterprises.