CyberSecOp Drives 260% Increase in Client Retention with Apptega
Partnering with Apptega, CyberSecOp consolidated its previously scattered and disconnected data environment, creating a more proactive approach to cybersecurity and compliance program management that resulted in stickier client relationships and higher program adoption.
Case study overview
How CyberSecOp leveraged Apptega to overcome three major pain points:
- Keeping data clean and tracking it across hundreds of controls and sub-controls
- Continually improving a client’s security maturity with quantifiable evidence
- Clearly representing CyberSecOp’s value and impact, validating the partnership and investment
With its deep expertise and emphasis on integrity, CyberSecOp has become one of the top worldwide providers of cybersecurity consulting and managed security services, recognized by Gartner Peer Insights as #1 globally.
CyberSecOp works as an extension of client teams to protect sensitive data, reduce cyber risk, and ensure regulatory compliance. But as the speed and scale of cyberattacks intensify, compliance mandates grow increasingly cumbersome, making it more difficult to manage client programs.
To reduce the burden for its clients and teams, CyberSecOp needed a partner and platform that could help overcome three major pain points:
- Keeping data clean and tracking it across hundreds of controls and sub-controls
- Continually improving a client’s security maturity with quantifiable evidence
- Clearly representing CyberSecOp’s value and impact, validating the partnership and investment
Partnering with Apptega, CyberSecOp consolidated its previously scattered and disconnected data environment, creating a more proactive approach to cybersecurity and compliance program management that resulted in stickier client relationships.
A Choppy, Disconnected Environment
Before partnering with Apptega, CyberSecOp was dealing with the same challenges most providers face when managing client cybersecurity and compliance programs.
First, the process was highly manual and time-consuming, managed across clunky spreadsheets and sprawling files. This approach required a lot of heavy lifting from the CyberSecOp team and made it difficult to properly track client data and progress.
“It’s virtually impossible to be proactive in a spreadsheet world,” said Christopher Yula, V.P. of Sales & Strategy at CyberSecOp. “It was a cumbersome process to sit down and track everything across hundreds of controls and sub-controls, keeping all the data clean and staying locked in on what’s being done or what’s next on the list.”
Using spreadsheets, CyberSecOp was also limited in its ability to validate the data and show the value of its services. There was no easy way to show clients what they’d achieved, how far they’d come, or where they were behind. Without seeing the results of their investment, they were also less likely to extend the relationship.
“We were trying to show progression in a very choppy and disconnected environment,” Yula said. “It was just very nebulous without providing a visual and a platform to show how they improved or whether they were getting what they paid for.”
This lack of visibility made it harder for CyberSecOp to upsell from one-off assessments to full cybersecurity and compliance programs, resulting in a hit rate of less than 50% and limiting recurring revenue.
Creating an Ongoing Client Journey
In an industry where many providers lack the tools and resources to effectively manage client security and compliance programs, CyberSecOp automates the process from assessment to audit through the Apptega platform.
“Our clients can go into the platform at any time to see how they’re progressing, which tasks remain, and to whom they are assigned,” Yula said. “If we didn’t have the tool and this constant view, I think they would lose interest from a lack of engagement. But if we’re doing our jobs right, we can provide an ongoing journey and drive real value as opposed to letting things become stagnant.”
This “continuous compliance” approach combines security and compliance services, delivering them in the context of a recurring revenue model. It also provides an unbiased way for CyberSecOp to show the value and ROI of its services.
With Apptega baked into roughly 90% of its offerings, CyberSecOp can map its security services to the frameworks and controls they help satisfy, providing real-time visibility and progress reporting over time.
“A lot of people think compliance is still just policies, procedures, and runbooks as opposed to looking at the interdependencies between all moving parts,” Yula said. “In the past using spreadsheets, our clients didn’t really have a sense of how our services were contributing to the totality of their risk environment, but it’s much easier to show that in the platform.”
And with most clients managing multiple frameworks at the same time, CyberSecOp can crosswalk between them to create a more cohesive program and cut out unnecessary steps. Shared sub-controls are combined and replicated across program frameworks, enabling consolidated analysis and reporting on frameworks and associated programs.
The Results — Greater Visibility, Stickier Relationships, and Higher Program Adoption
Since ditching the spreadsheets for the Apptega platform, the CyberSecOp team has been more proactive in its approach to security and compliance program management.
Tracking data across controls and sub-controls is easy with everything in one place. And by consolidating into a single, overarching view, CyberSecOp clients and teams have greater visibility into how programs are progressing.
“Our clients can see where they started and how we helped get them where they are today,” Yula said. “It may not be where they ultimately want to end up, but they can see that movement toward something better and the impact of their investment because they can quantify the compliance and security improvements. They feel more comfortable with that spend as well as maintaining and extending the relationship.”
It's also easier for CyberSecOp to upsell its clients on new opportunities, transitioning them from one-off assessments to full programs, which accounted for only 25% of clients three years ago.
“Now, 90% of our clients are doing an assessment and a program right out the gate,” Yula said. “Part of that is the toolset and part of that is our sales motion, but it saves us from having to transition that pipeline later on. Our active customers already have the program supported by Apptega, so we can instead focus our efforts on net new business.”
And with framework crosswalking, the CyberSecOp team can avoid duplicate work, save time and resources, and better transition clients into more mature framework environments.
Clearly, managed compliance represents a lucrative opportunity for the relative few services and security providers equipped to offer it. Unfortunately, most lack the technology, resources and know-how to deliver an impactful assessment and follow-on program. At CyberSecOp, we've partnered with Apptega to go to market with a differentiated continuous compliance offering that allows our world-class security expertise to shine.