FILTER

How to Use Your Security Program to Win More Deals

Categories: SOC 2 Tags:

A good security posture sells. 

There, I said it. 

If you’re in sales, you already know this. In fact, I’m willing to bet you’ve lost a deal at some point in your career because your security was less than ideal.

Maybe the prospect didn’t like how you responded to their security questionnaire? Perhaps your competitor provided a higher level of security assurance than you could? Whatever the case, losing a deal because of security can be frustrating. Especially since it feels like something that’s completely outside of your control.

Today, we’re going to change that. We’ll show you how to make your company’s security posture central to your sales narrative.  

Which will help you win more deals…

And collect more of those sweet, sweet bills.

Start Advertising Your Security Program

Even if you have the best security program on the planet, if nobody knows about it, who cares?

Too many businesses fail to promote their security. And it costs them.

To be clear, I’m not suggesting that you invest money in a big ad campaign. I’d actually advise against it. What you can do is become more transparent about your security program. And there’s no better place to do that than on your website. 

For example, we built a page that provides security assurance to prospects and customers. That way, they have proof that we’re a trustworthy vendor. We outline our security philosophy, link to completed security reports like SOC 2 and ISO 27001, and highlight our privacy policy. We even share a comprehensive report that covers the ins and out of our InfoSec program. 

We’re definitely not alone in this. Look to Google Cloud and Microsoft for some other solid examples. Putting your security program front and center is important. If a prospect looks you up, you want them to know that you’re safe to work with. Having a page that outlines your posture does that.

PS: Create better answers to RFP security questionnaires in less time and start selling more by downloading A Step-by-Step Guide to Acing RFP Security Questionnaires.

Sell a Security-First Culture

Before you can sell a security-first culture, you’ll need to build one. We’ve written more on that here, for those who’re interested.

Once you’ve got a security-first culture in place, you’ll want to make sure it’s embedded in your sales process. That way, your prospects can experience it firsthand. Unfortunately, this doesn’t magically happen. 

You need to make it happen.

Address your InfoSec program before a prospect asks you about it. Why? Because this demonstrates that you work at a company where security is always top of mind. It establishes your business has a security-first culture.

Here, timing is everything. For example, getting into the nitty-gritty of your security program during a discovery session is going to be too heavy-handed. 

So, here’s what we recommend.

For starters, provide information about your compliance program in your sales deck. You should already have a credibility slide. It might include your customer logos, industry awards, and recognitions, among other things. You can incorporate the security frameworks you’re compliant with within this slide. 

Remember, subtlety is key here. The point is to show, not tell. Those in the know will take notice. They might even throw a couple questions your way. If they do, be sure you’re prepared to answer them. Having sales enablement material to use post-pitch always helps (more on that below).

Make Security Central to Your Value Proposition

Now, if your security program doesn’t come up organically during the pitch, that’s totally okay. In fact, in many cases, it won’t—unless you’ve got a security maven in your buying center. In that case, you’ll want to bring it up before advancing to the trial or POC stage in your sales cycle.

The rationale behind this is simple. It allows you to be proactive since your prospect won’t be asking about security until they conduct technical due diligence. 

It enables you to provide more context about the product or service your prospect will be testing. Specifically, that it provides market-leading security. Without that context, there’s no way for a prospect to know. And they really should, since security should be a key component of your value proposition. Plus, it’s a massive differentiator in today’s marketplace.

Of course, saying you’ve got market-leading security is one thing. Proving it is quite another. This is why you’ll want to back yourself up with the right sales enablement material. There’s plenty you can do here, so to keep things simple, we suggest getting started with two key documents:

  1. Your InfoSec program document
  2. A security assurance report

These elements should assure even the most discerning of potential customers that you take cybersecurity seriously. More than that, they should prove that you’re a trustworthy business.

Final Thoughts

Your security program doesn’t just protect your key data assets. It also defends your reputation. Beyond that, it allows you to build trust with prospects and customers—if you know how to use it. By implementing some of the tactics outlined above, you can use your InfoSec program to establish credibility, differentiate yourself from competitors, and win more deals. 

As always, if you have any questions, don’t hesitate to reach out to us. We’re always happy to help.