Incident Response Firm Value Propositions

Some IR firms focus strictly on chasing crises. These companies either immediately or eventually see Cyber Crucible as a threat to their revenue models. Whether or not there is any emotion behind it (some are “happy”, but surely that’s the minority), their business model depends on the continued failure of security tools. Cyber Crucible’s authoritative prevention capability disrupts that sales model. You can add ransom negotiation companies to that same dynamic.

It is important to build enough rapport with the IR firm partner to understand whether their business use cases and revenue are already aligned with a Cyber Crucible breach prevention strategy, or whether they are looking for a way to align with prevention.

For IR-focused firms, there are a couple of business use cases and strategies that can be good talking points:

  1. Does the company desire, or do they have, longer term relationships with the victims they are working with? (Cyber Crucible as a leave-behind provides a tether to the customer for continued engagement and communication.)

  2. Is the company looking for more stable Annual Recurring Revenue on their books, as opposed to just project-based revenue? (Cyber Crucible provides stable revenue.)

  3. Is the company looking for an opportunity to move the relationship to one best described as, “we see you at your worst, and we never want to see that happen to you again”?

  4. Is the company looking for additional SKUs for retainers for monitoring, forensics, and support beyond emergency spend? (Cyber Crucible provides that via a Root Cause Analysis retainer we see successfully delivered to customers.)

    1. Hourly billing is undesirable for the partner, because Cyber Crucible root cause analysis is much more efficient than “just in time” Time & Materials type billing. They should bill based on retainers and Fixed Firm Price type engagements, with possible options for overage of time.

  5. Does the company currently deploy EDR, but not own/control the sale, and wish to own the sale and the revenue that is currently being driven by the “leave behind and hope they buy” EDR?

  6. Does the company want to add security consulting and advisory engagement opportunities, or other strategy services? (CC does not provide these services, but positions itself via #1 and #3 above as an advocate for the customer longer term than simply the firefighting.)

 
