Why integrators should adopt a risk management-based business model to generate a healthy enterprise security business
July 14, 2021
Enterprise security risk management (ESRM) is a strategic approach to security management that ties an organization’s security practice to its overall strategy using globally established and accepted risk management principles. ASIS International began incorporating ESRM as a global strategy for security executives in 2017, and a resulting ESRM Guideline was published in 2019.
ESRM is a heady concept that security executives must study to become proficient; however, using ESRM can also be vitally important to security integrators who are working with these “prospects” – often a Chief Security Officer, security manager or their designated representative.
I often ask enterprise integrators how they are marketing their products and services. I ask if they are content with current sales levels, number of clients and profit, and how long the sales cycle is for a new client.
Most importantly, I ask them what problems they are solving for their customers. In the context of security, selling is about solving customer problems and creating value. Enterprise integrators should be working with a goal of genuinely creating value with their solutions. They should understand a customer’s issues or concerns as their marketplace evolves, their risk changes, and their needs change.
This is where ESRM comes into play, as it can provide the framework for integrators to focus their solutions on problem-solving and creating value, thus creating a successful path to becoming a trusted advisor and building an ongoing business relationship.