Opinion
How to Engage with CISOs During the Covid-19 Era
While we remain optimistic about the industry's long term viability in dealing with the coronavirus pandemic, it’s clear that in the short term, we must reevaluate how we operate under the present conditions
Unforeseen headwinds can strain the balance of any ecosystem, even one as robust as the cybersecurity community. Over the last few weeks, we've observed both enterprises and startups work diligently to cope with the effects of the coronavirus (Covid-19) outbreak, and while we remain optimistic about the industry's long term viability, it’s clear that in the short term, we must reevaluate how we operate under the present conditions.
Seed-stage cybersecurity investors are in a unique position to facilitate the communication and collaboration between cybersecurity entrepreneurs and the customers they serve. Following extensive interviews conducted with Chief Information Security Officers (CISOs) from YL Ventures’ Advisory Board and other executives in the global cybersecurity community, we compiled the following advice for startups to help them effectively engage with CISOs in the Covid-19 era. Everyone is adapting to a “New Normal” Many CISOs have been pulled into task forces to facilitate paradigm shifts in the way their companies do business. There is an immense strain on IT bandwidth right now, especially on security. Be aware that your value proposition is a small piece of the puzzle for your customers. Remember that your customers are also adjusting to working from home, finding childcare alternatives, dealing with at-risk family members, and a whole slew of common issues. Budgets are in flux, meaning that most security teams are triaging their budget allocations accordingly. Given that most enterprise security budgets will suffer to some extent, now is not the time to make new purchases. It remains to be seen exactly how security spending will be quantitatively impacted, and it’s too early to know for certain how budgetary allocation decisions will be made. Security executives are as anxious as you are to sort this out, so be patient. Long term brand perception While most CISOs don’t love cold outreach to begin with, this is a particularly bad time to spam the market with your value proposition. Security executives are blacklisting vendors exploiting the current circumstances and will continue to do so more aggressively if this sort of communication continues. CISOs are simply in no position to manage cold calls as they race to support enterprise-wide workforces. It’s never a good idea to break the ice with a panic-driven pitch. Tactics that lean heavily on Covid-19 messaging are being especially ill-received. Even if your solution’s value does fit well with the current narrative, focus on value, and let customers draw their own conclusions about why your approach is as important as ever. CISOs talk to each other, and this fear-mongering will only hurt your reputation across this tight-knit community. Build goodwill. Though the situation is difficult, it does present an opportunity to stand out as a positive contributor. Public statements and contributions with positive messages and impact are welcome, such as webinars or other types of free content to share useful information. Consider supporting local clinics or emergency organizations pro-bono. Find ways to build relationships without focusing on sales. As one CISO said, “When the dust settles, the question will be: did you help? Or were you bugging everyone to hit your numbers?” Strengthen existing relationships Focus on providing value and forget about short-term revenue. Don’t haggle over things like cost per seat or other metrics that might normally make for a good and honest negotiation. Do whatever you can to help your current customers—they need it, and they will appreciate it.Leverage your existing relationships to discover what your customers truly want and incorporate that feedback into your product roadmap. Ask what feature or value would make you more appealing when this outbreak is over. In general, this is a good time to focus on product and research and development (R&D)—dollars into R&D will continue to improve your business.
Take time to think about what the world will look like once this difficult period is over: what can you perceive about the way consumers will behave, and how they will work? Design for that. These are valuable conversations for security teams.
Talk with customers about their experiences and ask questions about what they are seeing and learning. Share what you’re hearing as well. It’s a tough time to talk dollars and cents, but security professionals are open to talking. This is a good time for information sharing.
Facilitate communication. One way to bring value to your existing relationships is to introduce them to other customers in similar situations. We all have much to learn from each other, especially now. Be liberal with your network, and try to provide value beyond your core offering.
There are tough times ahead but there is no reason for your company to weather the storm alone. If you have investors and advisors, lean on them. While you have likely been singularly focused on your company’s success, others will have a broader view, and their input on their internal functions will prove valuable to your own decision-making processes. The industry will certainly get through this, and will very soon again be thriving. Actions now will not soon be forgotten, and the challenge that each cybersecurity startup now faces is how to build the best business possible while doing right by the community.