As cyber threats continue to rise, businesses can expect a growing number of inquiries from prospective customers about their level of cybersecurity. These potential customers come with expectations about the security and confidentiality of their data as a prerequisite of doing business.
This request often comes from corporate counsel. Sure, they will want to know you have adequate cybersecurity insurance. But most important is the knowledge and assurance that your company has the necessary security infrastructure and protocols in place to meet the level of security and resilience they require for their data. They want to feel confident that their brand reputation is safe with you. This is how your investment in cybersecurity can be a revenue generator.
Imagine if you could quickly respond to any inquiry with a confident “yes” under each of the most common requirements? Being able to guarantee a highly secure system will make it easier for potential clients to do business with you, and for your existing customers to do even more business with you. They want to be compliant and if they know you are as well, it paves the way for more business opportunities.
What are some of the most common requirements?
- Your systems and technology infrastructure must be robust, responsive and resilient. The appropriate controls, including those available to help secure emails, must be in place to safeguard data and business communications.
- Your staff must have access only to the systems they are authorized to use and operate within the scope of their defined roles and responsibilities.
- You must ensure that all data and confidential information held or transported anywhere on any device be encrypted and protected against corruption, loss or disclosure.
- You must be prepared to assist in any investigations, and prove that you have adequate policies, procedures and tools in place to protect your company against cybersecurity threats. Financial institutions, in particular, expect this should you come under suspicion.
But that’s not all.
If your company uses shared service providers for solutions such as records management, HR or cloud services, it is your responsibility to ensure that those vendors’ information security, technology and risk management controls and processes are no less stringent than those your customers are requiring directly from you.
Yes, it’s a lot to consider. But consider this -- if you achieve that level of security, not only will you be confident about assuring prospective customers of your ability to keep their data safe, but you will be 90% prepared to apply for any insurance coverage you may not already have in place, because insurers will ask you many of the same or similar questions.
Each one of the requirements above deserves a far closer look, and I intend to take on each one in future LinkedIn articles. If there are any questions you’d want me to cover that aren’t listed, please do let me know.
One final note on this article -- if you have already invested significantly in these protections, make sure your existing customers are reminded of how secure their data is with you and how seriously you take that responsibility. Not only will they appreciate it, but it often leads to unexpected new business and referrals!