Jake Olcott is Vice President of Business Development at BitSight Technologies. He served as cyber security attorney to the Senate Commerce Committee and House Homeland Security Committee. He previously managed a cyber security consulting practice at Good Harbor Security Risk Management. Jake is an adjunct professor at Georgetown University. He holds degrees from the University of Texas at Austin and the University of Virginia School of Law.
Christopher P. Skroupa: What is the business value in cyber security? Can businesses use security as a commercial advantage?
Jake Olcott: In light of significant data breaches over the past years, businesses have traditionally seen a strong security program as a “must have.” We are now starting to see some businesses shift, viewing cyber security as not only a necessity, but also a commercial advantage.
Companies now realize that being mindful about security across all business functions can increase efficiency. Moreover, companies that have a strong security program are able to leverage it as a selling point to businesses and consumers and gain a competitive advantage to win new business.
Skroupa: Is security now a factor that is shaping and changing the way businesses form supply chains?
Olcott: Yes. Cyber security is now becoming an important selection criterion for procurement departments in many industries. An increasing number of organizations are exchanging sensitive data, so companies with strong security programs can be more compelling to do business with. As large organizations continue developing robust vendor risk programs, vendors with stronger security programs will increasingly displace lower-performing vendors.
Skroupa: Third-party cyber risk continues to be a huge challenge for organizations. What are companies doing today to manage and measure the cyber risk of their third-party business associates, vendors and suppliers?
Olcott: Many organizations conduct questionnaires, penetration tests and other security audits to measure the risk posed by vendors. What many have found is that these measures don’t provide an objective or continuous picture of a company’s security. As a result, more and more businesses are beginning to take a continuous monitoring approach towards evaluating the cyber risk posed by their vendors and suppliers. Security Rating Services (SRS) allow organizations to complement and/or reduce the exercises organizations are doing today as they allow businesses to instantly measure cyber risk.
Skroupa: How can businesses use security as a means of strengthening relationships?
Olcott: Many large organizations set security standards and expectations for the vendors they work with. Companies that frequently meet and surpass these standards can earn a lot of trust from security, procurement and legal departments. Over time, businesses that communicate and remediate security issues will quickly earn a positive reputation, which will go a long way towards retaining existing relationships and gaining new business.