Everyone who engages with a cybersecurity solution is subject to their own customer experience (CX). Irrespective of whether their involvement is ‘front line’ implementation and support or not, we all develop an opinion of what represents best practise, what works well and what doesn’t.
Despite the emphasis cybersecurity places on functional capabilities and goal-oriented priorities, ie – prevent and mitigate security threats – CX remains integral to the successful implementation of effective solutions and services. But in working out how to assess and optimise customer success, it’s sensible to actually begin at the end by understanding what each customer sees as a successful end state. For instance, where do they want to take their cybersecurity initiatives, where do they want to see improvement, and how quickly do they need to get there?
For instance, customers will typically base their goals for a particular cybersecurity solution around certain use cases or the problems that informed their procurement decisions. These use cases play a vital role in that they will also help determine their vision of the future and of the subsequent CX. These goals are not always specific or complete, so vendors should ensure their CX teams engage with customers early in the implementation process to help fully define success criteria and goals. But the point is, neither cybersecurity vendors nor their customers can hope to optimise customer experience without putting these foundations in place.
Success Requires Meaningful Metrics
In order to measure the breadth, depth and value of CX in the cybersecurity context, vendors have to go much further than superficial objectives such as, “Let’s make your remediation process more efficient.” Instead, they should focus on each customer’s unique definition of success by setting benchmarks and milestones as part of a roadmap to their desired end state.
In doing so, they must identify, measure and incorporate appropriate metrics and KPIs so customers will be able to understand and review their success. For instance, in the Vulnerability Management (VM) niche, traditional tools resulted in VM being dominated by overly simplistic views of what success should represent. Security teams would build reports focusing on the number of vulnerabilities remediated over a certain timeframe, irrespective of whether they were important, focused on risk or currently relevant. In reality, these would do little or nothing to address the most important question: to what extent has the overall business risk posed by vulnerabilities been reduced?
And therein lies one of the most important points: key to developing a CX success plan is introducing metrics that are relevant and meaningful to the customer’s environment. Looking at the VM context again, this means demonstrating not just that remediation teams are addressing vulnerabilities, but that everyone involved is working to reduce risk to the business. That’s a metric everyone can understand, including C-level execs, and will often result in a very different customer experience than a narrow focus which says, “remediate as much as possible”, and whose main reporting method is delivered via lengthy spreadsheets.
The Right Tools For The Job
For teams focused on Vulnerability Management, one proven way to present data in a more meaningful way that can significantly enhance the customer experience is to provide automated tools, such as risk scores and risk meters. These are crucial for making VM efforts clearly data-driven, and for intuitively communicating both status and progress.
In the case of risk score, for example, each vulnerability is assigned a score on a scale of 1 to 100, with 100 representing the highest risk. This shows the relative risk that a vulnerability poses to the organisation based on factors including the prevalence of the asset on which it exists, the likelihood it will be exploited by hackers or malware, and the organisation’s own tolerance for risk. That risk score helps security teams prioritise and manage each vulnerability, while also providing an evidence-based approach to help IT and DevOps focused on the same priority.
Working alongside a risk scoring tool, a risk meter allows customers to view their progress in reducing risk by department, technology asset group or other relevant category. As well as providing a meaningful representation of how effective risk mitigation measures are performing, risk meters are particularly helpful in communicating progress to non-technical audiences. In doing so, they also help ensure adoption and help security teams to demonstrate ROI from its technology investments.
Across the cybersecurity spectrum, customer experience is determined by a complex set of variables, but the CX processes can be significantly improved by establishing clear, relevant goals, meaningful metrics and by providing tools which all everyone involved to evaluate progress and achievements.
Steve has over a decade of experience in cyber security and transformation projects, his role at Kenna is to rapidly grow the EMEA organisation to meet the customer demand for risk-based vulnerability management. Prior to Kenna he held senior sales roles at Forcepoint, Citrix and Imperva, focusing on IT solutions for complex, enterprise requirements. Steve has a passion for driving equality, alongside enabling flexibility at work for modern living. He has held steering committee roles in companies looking to close the gender pay gap and develop careers for working parents, and strives to find and support equality initiatives across the workplace and industry.