Business Growth Webinar highlights: how to sell to CISOs and large enterprises

What drives CISOs’ cybersecurity investment decisions and priorities for large enterprises in Ireland?

Cyber Ireland’s first webinar in its new Business Growth Series, CISO Cybersecurity Investment Decisions, looked to shed light on this question. The exclusive webinar for Cyber Ireland members focused on helping Irish cybersecurity solution providers to better understand CISOs’ investment decisions and priorities, budgets, and what they look for in a solution provider.

Cyber Ireland surveyed its CISO Forum to explore these areas. The good news is, investment is happening, with more than 50% of security leaders saying their budgets are up compared to 2023 (see the presentation below for a deep dive into the results).

Increased investment in multiple security tools

The survey revealed the size of the potential opportunity for solution providers: 66% of CISOs intend to deploy more security tools in 2024 than they did last year.

Asked what has the biggest impact on their cybersecurity strategy, compliance and ransomware attacks ranked almost equally for more than 60% of our survey group. Data breaches were the next most important issue, followed by the security skills gap.

CISO strategic priorities for 2024

Our CISO panel listed their top four strategic priorities as: visibility, tools to automate security, enforcing existing security policies and enhancing security metrics.

CISO perspectives

The webinar also featured a panel discussion with two security leaders to discuss the survey findings and get their perspectives on what they look for in solution providers:

  • Gina Dollard, AIB’s head of cyber resilience and regulatory relations, and 
  • Brian Padden, VP of operational technology and security engineering and deputy CISO for the medical supplies and pharma company McKesson.

1. Be transparent about your solution

Solution providers should have a clear problem statement that describes the challenge they solve for the customer. Instead of pitching their product or technology broadly, they should understand where it fits in the buyer’s technology stack. Interoperability matters: providers should explain how their solution will work with other tools the buyer already uses. Solution providers should be transparent on what their product or service can do – and also what it can’t.

2. Be aware of the customer’s investment cycles

Many large enterprises plan their spending with “at least” a 12-month timeframe. “You could just come at the wrong time with the right tool.” If this happens, the selling company should be prepared to wait and cultivate a long-term relationship with the buyer. “It’s not just about the technology or the need.” Enterprises want partnerships, not just vendor-supplier relationships.

3. Be responsive to the customer’s needs

The solution provider should show the customer that they can provide proactive support. It also helps to prove your offering can scale. Even if the technology or service is small now, you may have an opportunity to grow that within the buyer’s organisation. “We look for agility and speed to market.” Be clear about what stage of development your offering is at. 

4. Be compliant where necessary

Larger enterprises often operate in regulated industries, and for compliance reasons they will do careful due diligence on their suppliers. Customers will want to understand how their provider’s security works, and that includes policies and processes. Being certified to independent standards like ISO 27001 can help.

5. Find the opportunity for innovative solutions 

The panel noted that many enterprises allocate a portion of their budgets for innovation and new solutions to help solve key risks for the business. These may include: managing the risks of emerging threats or new technologies and replacing legacy or outdated technologies. The solution provider should identify where their innovative solution can help manage risk for the customer.

Ultimately, the message from the CISOs was for solution providers to be “emotionally intelligent” in conversations with buyers. Early discussions should look to find common ground and understand the customer’s security posture. They can unearth valuable intel such as where the customer has legacy technology they might be looking to update or replace.