SBN

How to achieve sustainable competitive advantage through cybersecurity

There is no doubt that companies are investing lots of money in cybersecurity lately – of course they are: with so many data breaches and expectations from key clients, this becomes a necessity in doing business. However, most of these cybersecurity investments are perceived to be purely IT costs, very often overhead, with little or no business benefit. So, is cybersecurity nothing but one of those mandatory things that no one likes, or can it produce some greater business good?

I’m arguing that yes – cybersecurity can help companies achieve much more than only produce a cost: it can help companies achieve sustainable competitive advantage, much like Apple is using it to differentiate itself from competitors by placing a much greater emphasis on the protection of personal data of users of its mobile devices and cloud services.

Cybersecurity can help companies outmatch their competitors by achieving 3 specific strategic goals:
  • Protecting existing competitive advantage
  • Creating new competitive advantage through product security
  • Achieving general customer trust

Most companies associate cybersecurity with compliance

In reality, most companies that invest in cybersecurity do so because of compliance – they want to become compliant with ISO 27001, SOC 2, NIST Cybersecurity Framework, PCI DSS, or some other standard or regulation.

They do so because they want to achieve some of the following:

  1. Get new clients – by certifying against, e.g., ISO 27001, they can get a contract with a new client who is very sensitive about keeping their data safe, especially if other bidders competing for the same client do not have such certificate.
  2. Keep existing clients – if a software company has a very important client who requires, e.g., SOC 2 compliance as a condition to renew their contract, then compliance becomes a tool (Read more...)

*** This is a Security Bloggers Network syndicated blog from ISO 27001 & ISO 22301 Blog – 27001Academy authored by ISO 27001 & ISO 22301 Blog – 27001Academy. Read the original post at: https://advisera.com/27001academy/blog/2022/01/21/cybersecurity-competitive-advantage-model/