Throughout 2021, we've had the opportunity to speak with over 200 leaders of risk advisory firms focused on supporting clients with challenges related to cyber, privacy, and more.
Through these discussions, we've identified five challenges advisors around the world are facing right now.
Solving for these challenges has driven, and will continue to drive, our product innovation and roadmap.
This article follows discussions over the past year with over 200 CEOs and practice heads of cyber security advisory firms and managed security service providers (MSSPs) worldwide. Coupled with the 6clicks innovation strategy and vision for the industry, it sets out strategies and the innovation available to scale your services business.
More than ever, cyber security is entrenching itself at the top of the agenda for businesses and governments worldwide and across every industry. Of course, companies can't protect themselves alone; they need help from advisors or augmented staffing solutions at a minimum.
Compounding the situation, cyber security professionals are harder than ever to find, and salary expectations are breaking records every month. Despite efforts from the education sector, the demand for skills and expertise well outstrips supply. This makes attracting and retaining the ‘best of the best’ harder than ever and increases the need for more effective techniques to scale your services business.
6clicks was founded on a mission to make risk and compliance easier for both businesses and advisors. For this reason, we focus on innovation and strategies to help your business scale.
There are various nuances across different regions and markets. However, overall, there are five major, common challenges faced by leaders of advisory firms and MSSPs:
The underlying value is the quality of their advice, and as such, there’s natural anxiety associated with maintaining this quality. As more people join a firm and in situations where the demand is acute, there can be a natural dilution of quality. Part of this relates to the fact that we are all human and, with a growing workforce, it’s hard to ingrain manual processes and re-use intellectual property to maintain quality. The use of analytics, particularly benchmarking, is often identified by advisors as the holy grail of consulting, providing the perfect mix of value and insight expected by clients nowadays. The ability to generate benchmarks and analytics relies mainly on the effective use of technology to support the capture and ongoing analytics.
For years now, advisors have released their ‘annual insights’ publication, striving to claim a position in the market as a thought leader. In reality, though, the data supporting these publications comes almost exclusively from (manual) ‘client listening’ exercises about perceived trends, issues, or thematics rather than being based on aggregate and anonymous data from real-world operational systems. In addition, most of these publications are either backward-looking or simply a set of loose predictions.
With growth comes the complexity and layers involved in managing a larger workforce. This complexity makes maintaining realization and utilization targets problematic, and at each increment of growth, this becomes harder. The answer for many advisors to protect their margins is to increase rates. Increasing fees and providing a more sophisticated offering to a more sophisticated client ultimately results in a smaller overall market susceptible to disruptive innovation (where a complex service offering is made simpler and more affordable).
A challenge with any services business is that growth is limited to the number of highly skilled consultants. And these consultants are increasingly hard to attract and retain. At the same time, it seems near impossible to efficiently service the small, medium, or ‘lower end’ market. We all know that these markets represent the next wave of revenue growth and are the future of any services business. The alternative is to offer a niche and tailored service to an increasingly small market. Doing both is critical for high growth.
Just about all services businesses try to address the challenges of scale and profitability by offering managed services with predictable annuity-based fees and services. Assuming you have the systems and processes in place, this approach provides an elegant way to scale your business. Many cyber security advisors are also looking to integrate their managed SOC offerings or technical assurance service offerings with governance, risk, and compliance offerings.
The above challenges highlight several strategic objectives you need to have in place, as follows:
There are then two essential considerations in determining which meets your needs:
Both these are critical considerations for all services businesses.
There is a range of approaches to addressing the needs of leaders and overcoming the problems highlighted in this document. These approaches include, but are not limited to:
All of the above have been options for some time. However, at 6clicks our platform represents the next generation of multi-entity and white-labeled GRC, which we call 6clicks Hub & Spoke™, explicitly designed to support the interplay between advisors and clients.
We are here to serve a purpose of easier, more efficient, and automated GRC for advisors, MSSPs, and clients alike.
Here's a short list of new releases and what's headed your way before Xmas:
So, think PCI-DSS ROC reporting (section 6). If this (painful) process is familiar, then consider the impact of going from audit (requirements-based assessment) to report at the click of a button. To boot, the report is generated in Microsoft Word format so you can then edit/amend and finish off the report offline, ready for submission directly to the standards body.
What’s better is to imagine being able to define the ‘bundle’ – the standard/framework, audit, or assessment template and then the Pixel Perfect™ report template all in one hit, ready for download and use within an in-app marketplace.
MSSPs and cyber security advisory firms tend to have two major divisions or practice areas: a) technology assurance and b) governance, risk, and advisory. These two worlds are typically run separately, save for a common sales and relationship management activity. That said, in the clients’ interest it's important that technical vulnerabilities, along with strategic and operational risks and issues, are managed in a single spot. So, that’s what we’ve done – made it really easy for you and your clients to see and understand the big picture, including technology, people, and process views of the world.
Back when 6clicks was founded, we invested in artificial intelligence. It was a research project at that point, and there has been a high degree of experimentation since then to find the most effective application of AI and, in fact, the requisite component parts that make up an intelligent and automated integrated system.
The upshot was our use of two ‘engines’ used widely in the field of artificial intelligence in this space – natural language processing (NLP) and machine learning (ML). When Hailey (our AI engine) was born, the first cab off the rank was Hailey’s application to identifying similarities across provisions; in essence, identifying the overlap. The business case here is pretty obvious, and reporting in the platform speaks to the benefit – if you are aligned or compliant with framework X, then where are the gaps with framework Y?
More recently, Hailey’s taken another (big) step, this time focused not on reducing the compliance footprint and overlap between frameworks or standards, but rather identifying the coverage a control set has in relation to a standard.
Imagine if you could define a library of issues and risks, along with their associated candidate actions and risk treatment plans. And, for each audit/assessment response, you define the risks/issues that would apply based on the response? From there, your consultants just need to 'pick and go' - as easy as 1-2-3.
Our brand new reporting and analytics suite is about to be unleashed. Total game changer. Stay tuned. The best of 6clicks is yet to come.