Introduction
Cybersecurity and compliance management can be a real drag. Your client projects are often one-off engagements. Churn rate is high. Bandwidth is low. And your workflows are so clogged up with spreadsheets you need a columnoscopy.
Sure, you’re curious about the potential ROI of continuous compliance as a service. But is it worth it?
With the “golden age” of managed services slowly coming to an end, security providers face a new era of consolidation, unprecedented M&A, and private equity-backed rollup. Only the strong balance sheets will survive, and only the differentiated will thrive — or successfully exit.
And while continuous compliance offerings present a massive opportunity for providers to increase recurring revenue and better entice investors and buyers, few are capitalizing on it.
In this article, we’ll share what’s holding them back and how to calculate the value of continuous compliance for you and your clients.
Also known as ongoing or recurring compliance, continuous compliance is a proactive approach that transforms compliance from a check-the-box exercise into a continuous state of improvement and scoring, from assessment to audit-ready programs.
What’s Holding Providers Back?
According to the findings of our recent State of Continuous Compliance Report, 86% of managed service and security providers are interested in a continuous compliance offering for their clients.
But ongoing engagements currently make up a disproportionally small percentage of their overall revenue. In fact, for 56% of providers, less than a quarter of their revenue is recurring.
So, what’s going on? Where’s the disconnect?
With 70% of security providers facing at least double-digit annual recurring revenue (ARR) growth goals, you’d think they’d be chomping at the bit to create stickier compliance offerings.
While they obviously see the value of continuous compliance services, something is getting in the way.
To find out what, we asked hundreds of providers about the challenges they face maintaining compliance for their customers. For most, it’s a lack of resources or expertise. For others, it’s high costs or a lack of the right tools and technology.
Sound familiar? While these challenges make it difficult to capitalize on the compliance opportunity, a robust offering could help you overcome these hurdles and better meet your growth goals.
With a world-class ongoing compliance program and automated workflows through a continuous compliance platform, you can boost recurring revenue, stand out among the competition, and ultimately improve your ROI.
How to Calculate the Value of Continuous Compliance
Are you leaving money on the table by not offering ongoing managed compliance services?
Let’s find out.
Using our ROI Calculator for providers, you can see the value of continuous compliance in your own numbers (when offered through Apptega). Let’s use results from a real Apptega partner as an example.
Say you’re a provider with 320 existing customers and $70 million in cybersecurity ARR. You have 15 sales reps and an average ARR goal of $1 million for each rep. Assuming a 20% win rate for upsells and 30% win rate for new customers, you could expect the following ROI:
- Net Profit Increase: $1,284,500
- ARR Increase: 4%
- Net New ARR: $3,115,000
- Churn Reduction: $420,000
- OPEX Savings: $350,000
The Value of Continuous Compliance for Your Clients
In our recent survey report, 70% of providers said their clients would be interested in continuous compliance to ensure ongoing monitoring and scoring, rather than just in the lead-up to audits.
Let’s see what that might look like in terms of client ROI.
Consider a mid-market organization with $10 million in annual revenue and no internal compliance team. With a $60,000 cyber insurance premium and 300 external auditor hours at a rate of $350 per hour, your clients could realize the following ROI:
- Net Profit Increase: $510,000
- ROI: 28%
- Reduced Data Breach Costs: $330,000
- Insurance Premium Savings: $12,000
- Compliance Cost Savings: $21,000
- New Business Growth: $165,000
While this doesn’t include the cost of your services, it does paint a pretty picture of the savings your organization could provide for clients through continuous compliance as a service.
Validating Your Existing Security Services
Continuous compliance is an opportunity for you to not only go to market with a new recurring service but also make your existing security offerings more attractive by delivering them in service of compliance.
It’s likely your security products and services already address compliance requirements in some way by helping satisfy framework controls. But by not packaging these services as a formal compliance offering — along with the appropriate technology to map the services to the controls they fulfill, showing real-time health and scoring — you could be limiting your business.
Let’s look at the numbers. When bundled with your other security services, a productized compliance offering leads to:
- Higher margins — an average annual profit margin increase of 1-2%.
- Lower client churn — an average churn reduction of 2-3%.
- More recurring revenue — an average ARR lift of 1-5%.
Overall, Apptega partners have more optimistic compliance goals and outcomes compared to other providers:
- More of their compliance revenue is recurring — 36% receive more than half of their compliance revenue from recurring engagements versus 26% of non-partners.
- They have higher ARR goals — 62% have double-digit ARR growth goals versus 56% of non-partners.
- They’re more confident in meeting their ARR goals — 67% say they are likely to hit their goals versus 43% of non-partners.
In an environment where growth is at a premium, continuous compliance presents an appealing onramp to recurring revenue, higher margins, and better client retention.
Is it right for your business? We’ll let the numbers do the talking.
Check out our ROI calculators for providers and for in-house teams to see the value of continuous compliance in your own numbers.