The era of simple threats and simple solutions is way gone, its not Virus and Antivirus anymore.
I am going to focus my article on the Microsoft EMS5 (Standalone or packages with 365 E5) package because I think it illustrates best the level of sale process complexity and simultaneously the huge value if you “get it right”.
Firstly – and it’s a big one – don’t approach the sales process from the “which components the solutions have” perspective.
EMS E5 for example has the following components:
As an IT Manager, a CISO , a CIO, or a Consultant you need to know in detail all the components and their exact functionality and inner connectivity, but your clients, your board members or decision makers, (in most cases) won’t know and won’t WANT to know.
You need to approach this from the – “What are the THREATS to the organisation and how does the solution mitigate the threat” perspective
The current cyber security landscape becomes so complex, so quickly, it’s unlikely your clients or board members will be fully focused on “catching up on cyber” or cyber solutions (this is your job! Not theirs.)
A good single, short example of this is looking at what happens in a single process with the EMS E5 package (not going into all details).
This is one single procedure! I honestly don’t expect my clients to understand the full process. During a sales process its just too complex to dive into, and it even has a negative value in the sales process because you are diving into deep “techy waters” with usually non “techy people”
We need to make it simple and quantifiable instead of trying to make non-experts into experts for the sake of demonstrating value.
You don’t focus on the solution’s components and what they do, you focus on the threat, for example a “Data Breach/Leakage”.
First you need to quantify what is “Cost of threat to the company”
Once you quantified the threat cost, you need to quantify the mitigation level (Solution Contribution in “Boardish Language” )
Your Clients and Board members need to understand the size of the Threat and how much the solution you are proposing is contributing to mitigation.
During a sales process, its all about the finding the best solution or package of solutions to mitigate (reduce the threat size) of your biggest threats.
Each company has different threats , it cant be “generic”, it must be “company specific”
Going back to the Microsoft EMS E5 example, how to sell it, You sell it via the threats it helps to mitigate, for example – What is the Efficiency, TPF ( Threat protection factor in Boardish Language) of EMS E5 against Data Leakage:
If Data Leakage is the biggest threat to your company, and there is a solution that helps to mitigate it by 80%… it becomes a much simpler sales process, a much simpler decision for your client or board
With cyber threats being so vast and complicated and the solutions are even more complicated, its VERY HARD to sell cyber security. We need to change our approach.
Explain why/how your solutions work, to a non-techy audience.