Security as a product AND Monetising Security

It is safe to say that in many businesses across the world information & cyber security are not considered as a business function that can increase revenue, of course there are the exceptions such as consulting & managed services, but how can sectors like e-commerce, media, healthcare and many others use security as a product and a USP of their business to drive revenue and customer attraction.

In this article we have explored why we trust certain brands, the human psychology behind this and how security can link with generating revenue. Ashish Shrestha who is a strong believer in this way of thinking will also be joining us and to help us convey some of these points. Having held director level positions across numerous sectors, including gaming, telecoms and media Ashish knows first-hand how organisations can monetise and make security a USP.

The first questions we came to when exploring this is, why do we trust certain brands over others? Grocery stores that provide our food, banks that hold our money, and tech giants with our laptops & phones? If you really think about it, there are hundreds if not thousands of brands that we trust that don’t necessarily give us any reason to. As an example, many of use will have opened our first bank account with the exact same one our family member use. It is easy and more convenient.

The same can be said about many of the brands we shop with, most of the time we stick to what we know and never really think about what we don’t know. As an everyday consumer, we do not quantify risk in our day-to-day choices. When it comes to decision making, it would not be entirely incorrect in saying that human emotions and experience play a pivotal role in what we do.

The notion of Information Security as your competitive difference

Information security can certainly play a part in influencing and empowering unorthodox levels of success in a business, it can elevate your brand to the next level of customer trust and satisfaction.

First things first, human decisions are tiggered by emotions and not logic. You don’t have to take our word for it, but numerous research has been conducted and is available to strengthen this fact. We humans build a psychological connection with a particular brand, product and/or services, more often than this, connection has to be emotional and contextual association.

People are drawn to a brand not just because of a specific feature or product but because of set of beliefs and values that we connect with. Our intrinsic DNA is built on a need for association and engagement beyond a core product or service.

Above is not just hypothetical, for example, you can see that businesses are actively taking a stand or becoming an ambassador for a societal cause (Climate Change, Animal Cruelty, Plastic free, LGBTQ. Etc) as this drives and emotional transformation that inspires the consumer and creates a deeper connection with their brand. This is magnetic and statistics prove that it can actually help not just reputational growth but financial growth.

So, cutting to the chase, in this era of security and privacy, we believe Information Security could be one catalyst in creating a paradigm shift when it comes to power of association with a particular business, brand, product and/or services.

Why now?

“The world’s most valuable resource is no longer oil, but data” – The Economist

The shift in consumerisation

The paradigm shifts in in the following areas have by far diversified information security and privacy landscape.

  • Consumerisation, where everything runs on connectivity and data
  • Technology advancements, such as AI (Artificial Intelligence), ML (Machine Learning) and profiling on data to drive more business growth opportunities
  • Everything as a service model (EaaS)

Consumer awareness on Trust, Transparency and Authenticity has exponentially grown in the last 3-5 years.

Additionally, the above diversification is directly proportional to enlarge the cyber threat landscape creating more opportunities for attackers at all levels – nation state espionage to organised crime groups driven by financial motivation to malicious groups looking to impact lives and livelihood of humans.

Organisations and institutions that are not aware of their cyber risk landscape and preparedness of crisis management are being brutally exposed to the impacts of cyber scrutiny. This resulting in further sanctions at multiple risk levels – reputation, regulatory, financial and operational to name few.

Information security and privacy are longer a zero-sum game play when it comes to business development and for that reason the subject can no longer be pigeon-holed to a being a nice to have for organisations with discretionary time, resource and budget.

We must change our approach

This is a not necessarily a mastery in rocket science.

Technology now dominates and permeates our personal and professional lives. Information is just everywhere. Businesses looking to triumph in an age of digital transformation need to incubate disruptive approaches in building “Secure by Design” frameworks in both their products and services.

The above directs the future of digitally enabled businesses globally, it is reliant on trustworthiness and secure information system. For the benefit of the customers and the global economy, businesses need to take unapologetic and non-negotiable approaches in secure by design and privacy by design in both

  • Improving digital experiences
  • Secure enterprises

In contrast, Information Security can and must evolve from being seen just a maturity service, Incident Response Unit and Policing Compliance (Do as I say) and transform into a bold and rapid innovation and contribution in business and brand growth.

Nike, Apply & Disney logo

We have discussed a number of points so far in this blog and Ashish has an interesting view on what connects Information and cyber security to mainstream business and going beyond controls and programs, Ashish calls this the 3c’s principal.

Be Creative – Be Compelling – Be a (business growth) Catalyst to optimise Efficiency, Speed, Flexibility, reduce unnecessary sophistication and cost overhead.

Question the traditional belief or status quo.

Be Creative

Be conscious about accelerating the innovation with optimisation. Speed up the decision-making process and go immersive on the common vision and let your creativity juices flow in evolving how security can play a part in resourcing and fuelling innovation and resilience. Share ideas and play a Distinctive role in sparking creativity within the business.

Be Compelling

Be absolutely clear in empowering and not make businesses dependable. Communicate, communicate and communicate! Don’t rush with your binary checklist. Connect and go deeper on the innovation but keep a 30000 feet lens view (Step out of the picture) and understand what balls are plastic and what balls are glass. Focus on the benefits to the customer matrix and the business. Do everything, explore every option to generate thirst in the horse and where to add value beyond due diligence.

Be a (business growth) Catalyst

Be crystal clear on the objective and articulate “Why” and “What” in terms of consumer benefit and/or brand advantage. Trigger a change to attribute success beyond budget, revenue, spend and RoI. This is necessary, define your success by trust and shift the mindset change in comparison to industry insights. Offer value in terms of resource to strengthen business resilience on contractual obligations, confidence and trust. Be Authentic to trigger business growth based on reliability, loyalty, stability and longevity. Collaborate with marketing team to showcase this as a commitment to build authentic relationships with your customer in accelerate the trigger change in their safer digital experience and wellbeing.

Opportunity to position your brand as a Trusted Provider

Infosec programs incorporating more than technical deliverables

Pre-Sales Opportunities

  • Industrial insight – What gaps and/or weaknesses exist at the industry levels
  • Learn from Consumer behaviours – Feedbacks, CS queries, frustration and trends
  • Pioneer growth opportunities – Trigger shift to address the gap – Grow by insight

Post Sales Opportunities

  • Invest in continued commitment to customer wellbeing by providing safer digital experience
  • Help customers stay ahead of credential theft and data breaches
  • Organise Cyber Security Awareness campaigns – online, offline, subscription based 

At the time of Crisis Management



  • Reinforce organisational values
  • Put your customer ecosystem Trust and Authenticity on top of the list
  • Be timely and transparent with the facts – Be apologetic – Be efficient in providing remedial fix
Think USP - achieve competitive advantage

So now what?

Covering everything in this topic is near impossible, and with technology and security constantly evolving we could talk for pages and pages. There are also people who will disagree with a lot of what has been said, and this is great, it will create conversation and thought-provoking ideas about security as a USP and if this is even possible in today’s world.