Herjavec: Sell risk mitigation, not security

The veteran MSSP says there’s a tremendous amount of opportunity to be found in data protection for solution providers who can learn to speak the risk language of the C-suite.

Robert Herjavec, CEO of Herjavec Group

MIAMI — There are incredible opportunities for a wide variety of solution providers in security and protection, but the biggest winners in a crowded field will be those who speak about protection at a business level, according to Herjavec Group CEO Robert Herjavec.

Speaking at Acronis Cyber Summit here, the veteran solution provider and TV personality thanks to his roles on first Dragon’s Den and then its US-based sibling Shark Tank, Herjavec said the secret to the success of his business has been moving from talking about technology to speaking the language of the C-suite.

“The further up the stack you go, the less technical the conversation becomes,” Herjavec told attendees. “When I go see a CEO, CIO, or CISO, I’m not talking about logs or SIEM; I’m talking about risk. The business we’re in mitigating risk for companies.”

And acknowledging that, he said solution providers “have to change the tone” of the discussions they have with customers to differentiate themselves in a crowded marketplace.

“When we were a $5 million company, we talked a lot about bits and bytes and data. When we got to $250 million, and we’re selling more to larger enterprises, we changed the conversation to a business conversation.”

Aligning with the overall tone of the Acronis event here, Herjavec said there are many opportunities around the convergence of security and data protection. It makes sense, he says, because ultimately, what customers are trying to do is protect their data and their core business information.

“You’re going to see security and protection come together,” he said.
Protecting data will remain a hot spot for a long time, he predicted, because of several factors. First, there’s the fact that the amount of data out there continues to explode. On top of that, that data is more connected than ever before, and it needs to be to have value.

Then there’s the nature of the security and protection industry itself. The average enterprise, Herjavec said, has 72 security solutions. And there’s no “800-pound gorilla” incumbent in security that checks every box for any given customer. That means there’s tremendous complexity that customers face in trying to protect all of their data and systems.

“We’re in one of the very few industries that have extreme growth, and extreme fragmentation,” he said. “You’d think that after all this time, customers would have figured it out. But I’m telling you, they haven’t. There is so much opportunity out there.”

That opportunity is coupled with the well-publicized shortage of skilled professionals, meaning that “every company is having trouble hiring security people.” That’s a challenge that solution providers face, but that’s also an opportunity.

“That’s one of the reasons managed services is growing so quickly in security,” Herjavec said.

The demand for protection will also be driven even higher up the priority list as more and more legislation mandates it. In the past, Herjavec said, proper data protection was in the “Carbon monoxide detector” category — something that everyone knows they should have, but relatively few do because it’s not mandated. But the piling on of legislation, starting with PCI and moving forward with GDPR and beyond, is moving data protection into the “smoke detector” category — something that businesses will invest more in because there are real consequences to not complying.

“No CEO wakes up in the morning and says they want to spend another $40 million on cyber data protection. But now they have to,” he said, noting that his company helped build out protection for a client that was motivated by PCI compliance because they were facing $1 million per month in fines due to non-compliance.

“There are more and more compliance requirements coming. Our industry is going to get a lot bigger,” Herjavec said.

Robert Dutt

Robert Dutt is the founder and head blogger at ChannelBuzz.ca. He has been covering the Canadian solution provider channel community for a variety of publications and Web sites since 1997.