This article recaps the first part of our VP Customer Success, Chief Diversity Officer Sydney Archer’s virtual workshop of the same name at SaaStr Annual 2021.
Business trust incidents are on the rise and increasingly visible to everyone making trust an inescapable issue for companies. TechJury notes that globally, 30,000 websites are hacked daily and 64 percent of companies worldwide have experienced at least one form of a cyber attack. So in our digital age, it’s no longer a question of if a company will experience a breach or trust incident, but when.
Prospects, candidates and VCs need to know you’re trustworthy before they sign the dotted line. Because once they do, you become a steward of one of their most valued assets—their data and their customers’ data.
Without trust, even your bottom line is at risk. For example, Accenture’s Competitive Agility Index reported 4000 companies that experienced a drop in trust, the revenues at stake equated to at least $180B.
So contrary to popular belief, cultivating trust is not a nice-to-have but a hard necessity.
There is a lot of research around trust. Why? Because it is a powerful force. It’s integral to all human relationships, whether personal or professional.
If you want to stay competitive in today’s world, trust must be central to your company’s overall strategy. However, telling potential customers, investors and employees you’re trustworthy isn’t enough.
Kent Grayson, an associate professor of marketing at the Kellogg School and faculty coordinator of The Trust Project at Northwestern University, breaks the element of trust into three key dimensions or pillars.
- Competence
- Honesty
- Benevolence
Competence seems straightforward. But honesty and benevolence, two tightly intertwined elements of trust, are a bit trickier. People make judgments on these factors in milliseconds.
So how do you cultivate trust quickly and effectively so you can acquire new customers and stand out with investors?
How can you prove, objectively, that you’re trustworthy?
Establish Credibility in the Marketplace and Acquire New Customers Faster
Your credibility needs to extend beyond the boundaries of the features of your product. You must address your credibility in protecting your customer’s assets. By demonstrating that your business has the proper security measures in place, you are showing that you recognize the trust they need to place in you and take responsibility for protecting their investment.
This is where your information security (InfoSec) program comes in. Your InfoSec program is a documented set of policies, controls and procedures that your organization has in place to protect your business processes, data and IT assets.
A good InfoSec program addresses all aspects of your commitment to your customers and shows:
- You’ve looked at the greatest risk areas and have plans in place to mitigate those risks. For example, all systems patched regularly and data is encrypted in transit and at rest.
- Your business is prepared to act quickly if one of your safeguards fails; you have incident response plans, backup and recovery procedures.
- You have measures in place to ensure you meet your service-level agreements (SLA’s), not just for product uptime but also response time for customer requests for help.
- You keep your employees aware of your security policies and trained in recognizing phishing emails and social engineering tactics.
Transparency—Explain to Prospects How You Collect and Protect Their Data
Because your InfoSec program is documented, you can be transparent with your prospects about your security practices early in the sales cycle.
Arm your salespeople with InfoSec data and offer it up proactively! Share your InfoSec policies, your incident response plan and your data collection practices. It establishes that your business has a security-first culture and demonstrates your competence, integrity and goodwill.
Don’t wait for customers to ask you to complete a security questionnaire. After all, the most requested items on a security questionnaire are requests for your InfoSec policies and procedures. So, get ahead of your competition and have it ready.
Frameworks, Regulations and Third-Party Vetting—Signifiers of Trust
If you really want a leg up, try complying with more formal security standards. Even if you don’t have an established security program today, working towards one of those standards can help you accelerate that process. Frameworks like SOC 2 can highlight areas you may not have considered, and they require documentation and established processes that other organizations easily understand and quickly recognize.
Attestations are a lot of work but it’s why they’re the gold standard and signifiers of trust. SOC 2 is a differentiator for organizations that want to show they have standards in place and have them tested by an independent third party. That goes a long way in establishing credibility.
And as a bonus, attestations often replace SQR’s, saving your team time.
Demonstrating Your Business Is in a League of Its Own
Your InfoSec program is even more important to investors because it addresses risk head-on and facilitates the necessary transparency part of their evaluation process.
Start With Risk
As reported by Fundera, approximately 20 percent of small businesses fail within the first year. By the end of the second year, 30 percent of businesses will have failed and by the end of the fifth year, about half will have failed. And by the end of the decade, only 30 percent of businesses will remain, resulting in a 70 percent failure rate.
A serious breach can take down an early-stage company in a moment.
Over the last two years, Sydney has worked with numerous customers who started building out their InfoSec programs and/or pursuing an attestation solely because they were beginning a funding round. They knew that investors wouldn’t give them a second look without proof of an InfoSec program.
Red Canary found that while most organizations follow best practices, the research shows room for improvement. For example, as many as two in five organizations fail to perform compliance audits of partners and 37 percent of companies lack an employee security awareness program.
Having attestations like SOC 2 or ISO 27001 that require Vendor Risk Assessments (VRAs) and security awareness programs assure investors that you have the right processes in place and that you follow through.
InfoSec Programs Facilitate Transparency
Investors use models to help differentiate between risky investments and stable ones. Proving you’re a good investment is reflected in your company practices, books, and your reputation.
Having gone through a Series A funding round in early 2020 and most recently, what started as a Series B funding round that led to Tugboat Logic’s acquisition by OneTrust, Sydney understands that complete transparency is required before any investor will sign on. They will open every drawer in your metaphorical dresser.
Investors perform due diligence so they’ll dig deep into your books, policies, and practices. They want to validate that you deliver on your promises. For example, suppose your Privacy Policy states that you don’t sell information to third parties. In that case, they will cut and run if they find a bill of sale somewhere else in your files. So you want to make sure your contracts are solid, you have strong policies, you follow them, you haven’t accepted crazy redlines from clients.
Reputation and Ethical Responsibility
Trust goes beyond the books and includes valuing and cultivating a diverse and inclusive company culture. Investors want to get involved with companies that align with their beliefs and their ethical values.
The investor that led Tugboat Logic’s Series A funding round is passionate about Diversity and Inclusion. As a result, a component of their diligence process includes getting diversity metrics from companies they’re evaluating for investment.
And they aren’t the only ones. The 2020 RIA Investor Opinion Survey found that 73 percent of respondents invest in organizations providing opportunities for the advancement of women and diverse groups.
So live your values! Hire diverse talent. Be proud of supporting and sharing your values. Your integrity and values are crucial to your success and cultivating trust.
Check out Trust Part 2: Your Biggest Competitive Differentiator For Attracting and Retaining Top Talent to learn more. Or watch the full presentation here.