Businesses, governments and individual Internet users are under siege. Not a day goes by without a report of a major security breach that leads to compromised records. The security problem has become so acute that it’s now being addressed at the highest levels of the Obama administration. And awareness is so ubiquitous that even the most novice computer user understands the need for security measures.
According to the Ponemon Institute, the average security breach in 2012 cost $3.8 million. According to Verizon Business’s annual security report, nearly all reported breaches were unsophisticated, meaning they didn’t require special skill or technology to pull off.
It’s statistics like these that explain why security is a top priority for businesses across the board. Security spending is expected to climb as much as 6 percent in 2013; among small and midsized businesses, security spending is projected to increase as much as 12 percent.
Security is a major challenge facing businesses, and that makes it a major opportunity for solution providers. But this opportunity is more than just selling point security hardware, software and services; true success in security and risk management comes from establishing practices that understand risks and threats, assess customers’ needs and apply adequate levels of security that balance risks and costs.
As cryptologist Bruce Schneier is famous for saying, “Security is a process, not a product.” Meaning it takes more than just antivirus or a firewall to make a business secure. Solution providers can make good money selling security products, but real profitability comes from developing practices that include the ability to help customers understand security risks, develop processes and policies that mitigate risk and then sell and support products that manage risk exposure.
According to The 2112 Group, solution providers earn up to 70 percent margin on professional services, while earning less than 20 percent on conventional hardware and software product sales. If the bulk of an engagement is professional services, particularly those that involved soft skills like policy development, the opportunity for earning far greater profits is higher.
Security practices have other advantages, too. Customers of security specialist solution providers are more apt to remain customers, spend more money per user or device, and accept the technology and service recommendations of their provider. They do so because they have experience that the solution provider is providing them with the right guidance that results in higher security and acceptable costs.
The other thing that security practices do for solution providers is create a competitive differentiator. Solution providers that carry security expertise as much as products are more appealing than those simply selling products.
Learn more about building security practices in the The 2112 Group’s upcoming webcast, “Modernizing Your Security Business,” on Thursday, Aug. 22, at 2 pm. ET. The Webcast is free and will contain the latest data and best practices for getting the most out of security opportunities.