Corporate research firm Forrester predicts big changes for cyber security in 2015, including an increase in businesses looking to spend money on data security. But not all of it is good news.
Forrester's predictions are a mixed bag for IT contractors. The firm predicts…
- Big increases in IT security budgets, including double-digit growth in some sectors.
- More scrutiny of data security policies from corporate execs.
- More awareness of data breaches when they happen.
- More botched responses to data breaches.
Why these big changes? After the rash of data breaches in 2014, businesses are looking to increase their security. While more will be at stake for these companies, many of their personnel will be unfamiliar with data breaches and mismanage the response. In short, more people will be in the game and there will be more money on table. Let's take a closer look at what this might mean for the average IT contractor.
Why IT Contractors Could Face Greater Scrutiny in 2015
Companies have begun to understand that data breaches are expensive and can ruin their reputation. They're starting to want more from their IT security. But you could face increased scrutiny for another reason.
In previous years, your client's CISO and technical staff oversaw your security work. But now, data security is being discussed at the board level, which means that C-Level executives' jobs will be on the line. A data breach could mean a CISO or CEO gets fired as investors and board members look to hold someone accountable.
Data security is no longer just an "IT" thing – it's a now a company-wide concern. That's the way it should be (and it explains the increasing budgets), but it also means an increase in your professional liability. In addition to firing staff, clients might sue the IT contractor they consulted over their data security.
(For insurance to cover professional lawsuits, see Technology Errors and Omissions Insurance.)
How Will Data Breach Responses Change in 2015?
As security software improves and businesses pay more attention to their data, more breaches will be spotted. But many of these breaches will occur at companies that aren't used to paying attention to data security. That means we're likely to see companies fumble their responses.
It also means that IT consultants will have to pay extra attention to educating their clients about data breach responses. For instance, clients new to the game might not know there are state data breach laws they need to follow and that these laws typically require them to contact anyone whose data has been lost.
If you're hired to review or upgrade a client's data security, make sure you discuss their response plans. If you don't, the company might mishandle a breach, which will only increase their legal and marketing losses and ultimately make them more likely to sue you over damages.
IT Sales Tips for 2015
Given how quickly the IT world can change, it's important to adapt your sales strategy. Let's look at some small changes you can make to the way you approach clients:
- Don't over promise security. Clients – particularly clients who don't currently have a robust data security position – may expect you to offer breach-proof security. But that simply doesn't exist. You'll have to educate naïve clients to the reality of IT security. Clients have to focus on minimizing risk and limiting damage.
- Understand that you're selling job security. The employee you're talking to during a sales call may feel extra pressure from bosses and know that if they mishandle data security, they could be fired. Spend extra time listening to the client's concerns and offer a specific solution for their data security.
- Upsell your clients on security consulting that includes auditing their data breach response plan. If clients don't have a data breach response plan (or it's outdated), you have an opportunity to sell them additional services they'll need.
For more IT sales tips, read, "3 IT Sales Tips to Help You Avoid Becoming a Free Consultant," which offers a guide to closing sales and understanding IT from your client's perspective.