As Gregg Steinhafel, a 35-year employee and six-year CEO, cleared his desk for the final time, said his goodbyes and departed as Target CEO, boardrooms across the world stood up, and took notice.
Over 40 million stolen debit and credit card numbers later, the Target data breach serves as a modern day reminder to C-level executives that security - in all shapes and sizes - remains a top business priority.
Any fly on any wall of any New Zealand boardroom will attest to that.
Yet when debating the changing face of security in the local market, while vendors, distributors and partners remain in close agreement that battening down the enterprise hatches is of chief concern, such enthusiasm for protection rarely translates into reality.
As purse strings seemingly loosen up across Kiwi businesses, what’s holding partners back from taking security solutions to market?
“How do you tell businesses about the bad news?” asks Skulk de Wet, Systems Engineer, Network Pro, Auckland-based internet and IT security specialists. “Do you sit them down and scare them? Or play it down so they don’t appreciate the significance of the problem?”
Customer balancing act
In the age of scaremongering by certain vendors in the security industry, de Wet details a catch-22 situation for partners - who are torn between providing full frontal analysis’s or watered down observations, depending on the sensitivity of the company and the decision-maker on the other end of the phone.
“There’s a balance to be had,” he adds. “It depends on who you are talking to. Some prefer to get down into the details and know exactly what is going on and refuse to let emotions get in the way, whereas others prefer a more measured approach.
“If partners do find a breach has occurred and the business has been compromised, it can be difficult to sell this to a new customer.
“We’re dealing with delicate issues and your ability to get the message across clearly is crucial. If you have a long relationship with your customer then maybe a more open, warts and all approach is allowed.
“But if this is a new scenario and you sit down and proclaim that the world is on fire, they could think you’re just trying to sell them something and completely shut down the shop.”
As de Wet, speaking as a security specialist in New Zealand, puts it, the ability of the partner to make customers realise there is firstly a problem, and secondly, the best ways to address this problem, leads to a healthy conversation starter, thus removing traditional barriers of entry when selling security solutions.
Every management authority on the circuit, whether that be in New Zealand or the rest of the world, accepts that loyal customers and repeat business provide the cornerstone of an organisation’s long-term success.
But in seeking innovative ways to develop new business relationships in the Kiwi market, Scott Green, Director of IT Infrastructure, Datacom, believes that pitching to fresh decision makers, who themselves are new in the role, on the topic of security can also be a help, rather than a hindrance.
“There is an element of truth in the belief that it’s easier when your customer is not having to protect poor decisions of the past,” he adds. “But in my opinion, because the landscape is evolving and moving at a rapid pace, the conversation has shifted.”
With over 15 years of IT experience to draw on, Green believes the points of discussion between partner and customer have progressed from those of the past, moving away from fears of public embarrassment to genuine concern around business continuity should a breach occur.
“The conversation is not about the value of the information or data they stand to lose, it’s more about whether the business can still operate and trade following an attack,” adds Green, offering a crucial new insight into the motivations of IT security buyers in New Zealand.
“Of course information and data remains a motivation, but their chief concern is whether their customer service will still be operational following an attack, or whether they can process transactions - this is an area where businesses are prepared to make significant investments.
“That’s got nothing to do with their information being let loose in the public domain, that’s where the real scaremongering comes into play.
“On the topic of business continuity, that is where the true impact lies, in the fear of saying; ‘Sorry we can’t help you today our systems are down.’ Customers think you’re not up to the task and that is where the real sell lies.”
For Green, the sell is no longer to the IT manager, or even the low end security personnel within an organisation.
The pitch is now delivered straight to the CEO, CMO, CFO - the people who, as Green puts, “really care about the customer.”