For companies big or small, scaling your revenue securely is about building people, processes, and technology to help you deliver your value to market in the most efficient way possible. But shifting cybersecurity as a cost to an investment takes a shift in thinking.

Here are three tips to make cyber a business decision for your company.

Don’t fail at digital transformation. Whether you’re considering a digital “initiative” to stay ahead of competitors, reduce operational expenditure when possible, or simply drive efficiency to customer value delivery, transforming how you’re doing business should rest upon a foundation of security across your existing people, process, or technology. An effective cybersecurity program should drive confidence to your team to expand your tooling, processes, or delivery mechanisms with confidence. The alternate reality is you shift a working process to incorporate new technology, and something fails or breaks, causing frustration of your team and fewer dollars in the door. Here are a few tips that will help you make sound business investments in technology:

1. New technology or system can introduce new cyber risks to your company. As a result, it is good practice to balance the value gained with the risks absorbed. Establishing a “new product” risk vs reward process will reduce ad hoc purchases and introduce more sound thinking to your team’s decisions.
2. New technology purchases will come with vendor onboarding but beware of the challenges you face when those implementation or training hours run out. Ask for additional support hours as part of your purchase so that you’re always able to call a help desk for real support.

Secure design reduces long-term costs. Regardless of your business type, if some type of cyber-attack could affect your business outcome(s) — be it your product, the loss of sensitive customer data, theft of intellectual property, or disruption to service delivery — consider investments in your cyber program an investment towards the cost of future business operations.

For instance, manufacturers across virtually every sector continually balance “secure design” with efficiency/cost as they compete in the market. Their challenge: estimating future recalls and product “updates” to be paid for by future operational expenditure. The same can be applied to unforeseen downtime of a critical inventory, payment capture, or website system. In both cases, here are two tips to shift cyber from a “security cost” to a “business” mindset:

1. Work with your security vendors to develop a long-term strategy rather than quoting an “install and leave” project. Security vendors are businesses too. They will respond positively if you tell them you will offer longevity in return for payment over time. 
2. Amortize your costs this year into next year's costs of goods. If you can negotiate monthly or quarterly payments with your security vendors, adding 30-60 days of net pay dates, you’re already starting to shift security improvements realized tomorrow to costs you pay next quarter.

Your customers want you to have a great cyber program. Especially in regulated spaces like healthcare, defense, and other critical infrastructure sectors, there is a high chance your company’s cyber program must meet minimal cyber guidelines. Investing in the training, processes, and technology required to achieve some element of “compliance” is a must-have investment for doing business with big companies.

A mistake small companies make is allocating the minimal resources “reach the bar” without thinking about the risks. Employee turnover, scaling your business in new regions, and increasing purchase order sizes all carry a potential “new bar” you must reach on your cyber maturity. Building a cyber program initiative may help you increase sales. Imagine you say this in your next prospect meeting as you aim to win that big contract, “Additionally, we reviewed your cybersecurity supplier requirements online and are pleased to say we have certified documentation showcasing an evolving, continually improving cyber program that exceeds your requirements. We feel that adds to our differentiation.”

------

Ted Gutierrez is the CEO and co-founder of SecurityGate, a SaaS platform for OT cyber improvement.