Why unlocking the full potential of your cybersecurity investment isn't just about the tech [Q&A]

For enterprises, making the right cyber security investment isn't just about selecting the most advanced technology. To truly get the best return, decision-makers must also consider the strategic and financial aspects of their choices.

We spoke to Ben Vaughan, chief commercial officer at Bridewell, to discuss how by engaging with the right teams, businesses can ensure their security solutions are not only technically sound but also aligned with their long-term financial goals and sustainable growth.

BN: What has driven the shift in emphasis away from technology products and towards supporting cyber services?

BV: Services bring something that technology products alone can't match -- an essential combination of adaptability and human expertise. They provide the flexibility to respond to changing circumstances, the reliability to maintain operations under pressure, and the responsiveness needed to address issues as they arise. While advanced technology remains important, these qualities make services indispensable for organizations looking to stay resilient in an unpredictable environment.

Recent software disruptions have highlighted this need. A seemingly minor issue, such as an API misconfiguration, can quickly spiral into a major disruption, like halting airport operations. Without expert support, organizations can struggle to respond effectively. Service providers step in to fill this gap, offering the practical assistance businesses need to overcome challenges and keep running smoothly.

This shift has led decision-makers to reconsider their priorities. It's no longer enough to simply have cutting-edge tools -- there's a growing recognition that true value comes from pairing technical innovation with dependable, ongoing support. Together, these elements ensure organizations can stay agile and prepared for whatever challenges come their way.

BN: What do businesses now need to consider when they evaluate cybersecurity solutions?

BV: Businesses must balance technical and strategic priorities when evaluating cybersecurity solutions. The technical capabilities of services remain crucial. For example, SOC services must incorporate threat detection, cyber intelligence, and incident response capabilities to help defend organizations against cyber threats. Similarly, XDR services should incorporate endpoints, cloud, networks, on-premises telemetry, and real-time management for alerts.

However, technical features alone are not enough. Procurement teams increasingly need to evaluate strategic and commercial factors, such as whether services include guarantees against underperformance, or protections for consistent breaches of SLAs. This dual approach ensures the solution aligns with both operational requirements and broader business goals.

BN: Is flexibility becoming more important to buying businesses?

BV: Businesses are increasingly prioritizing flexibility when purchasing cyber products and services. It used to be quite common for organizations to sign for perpetual software licenses or five-year deals for managed security services. But there’s much more of a hesitancy now to commit to long-term contracts, and they're opting for shorter-term deals. It's a change which is reflective of the financial pressures organizations are under, and the need to adapt quickly to shifting priorities. In the future, there will be a greater focus moving forward on balancing the best long-term commercial deals with a level of flexibility.

BN: Are procurement departments now evolving to meet the need for flexible cyber services?

BV: Procurement departments, particularly in non-technology sectors, are becoming more professionalized. Previously, contracts have made statements about cybersecurity providers needing to wear hard hats and steel boots on site, but these types of services are often completely remote! Now, these teams are prioritizing agile, fast-moving technology solutions that better align with their needs. This shift is evident across industries such as construction, engineering, critical infrastructure, manufacturing, and government.

BN: Are commercial teams at cyber service providers playing a bigger role?

BV: Commercial teams are becoming essential in bridging the gap between technical offerings and business priorities. As procurement teams demand greater flexibility and accountability, these experts deliver bespoke solutions and tailor services to meet the specific needs of customers. Unlike fixed technology products, adaptable services now play a key role in addressing unique challenges.

BN: How can commercial teams help procurement staff build a business case for a potential cyber solution?

BV: Building a business case for any investment has become increasingly important. The C-suite is often scrutinizing every bit of expenditure in a difficult economic climate, putting pressure on procurement teams. Commercial teams can help procurement staff build that business case to present back to the board, leading to a greater chance of a deal being struck.

It's commonplace for CEOs to be heavily involved in the buying process to ensure that the solution is financially sound and will deliver an ROI. What they’re less interested in is the technical detail. If a commercial team can come in and explain in straightforward terms the benefits a solution provides, both technically and financially, then this can boost the opportunity for a successful partnership.

Image credit: Valeriya Ignatenko/Dreamstime.com