Simplifying The B2B Cybersecurity Shopping Experience

With over 5,000 cybersecurity vendors in the U.S. vying to meet the needs of virtually every type — and size — of business, the process of selecting the right provider to protect firms’ digital assets can be daunting.

But that problem could be a thing of the past thanks to the launch of the world’s first B2B cybersecurity marketplace that enables buyers to easily search, compare pricing and purchase the right IT solution in one place.

“Traditional channels for choosing the right security solutions include searching through hundreds of companies on Google, attending trade shows and conferences or dealing with constant cold calls and cold emails from security company sales reps,” said Armistead Whitney, CEO of Apptega, which recently launched CyberXchange.

It’s a scenario that was causing “extreme vendor fatigue” and confusion for buyers, Whitney said in a PYMNTS interview, especially small- to medium-sized businesses (SMBs) that don’t have a full-time chief information security officer (CISO) to help sort through the options.

Leveraging an online platform and marketplace streamlines the process to make it easier for buyers and sellers to find each other in a highly fragmented industry.

Whitney said a key feature of CyberXchange is its ability to search by a particular cybersecurity framework or category, which is the various system of standards and best practices that 91 percent of businesses use to protect themselves.

Adhering to these ever-changing protocols is no easy task, Whitney said, pointing to one common security framework used by the payment card industry known as PCI as an example.

“PCI alone has over 250 complex requirements that include things like endpoint protection, password management, anti-virus, border security, data recovery and awareness training,” Whitney said.

Compliance Is Key

In many cases, complying with this array of industry IT standards is not optional. For example, the 350,000 companies that have contracts with the Department of Defense will soon have to comply with a new mandate known as Cybersecurity Maturity Model Certification (CMMC) if they want to continue doing business with the government.

To that point, CyberXchange would allow a user that was looking for CMMC-related products and services to cut through the noise and only map and procure the solutions that satisfy every CMMC requirement.

Healthcare is another major industry that Whitney said is one of “the most at-risk for ransomware and data breaches” with federally mandated patient privacy requirements (HIPPA) being widely implemented and having a compliant IT security framework that is up to date and in place is essential.

COVID-Era Changes

As the pandemic-led digital shift has changed how and where many people now work, Whitney said that shift has heightened the risks that businesses face, especially SMBs that typically don’t have the robust security staffing and technology that Fortune 500 companies do.

Whitney said he has seen a lot of highly targeted attacks lately involving business email compromise (BEC) that involved surveilling targets for weeks or months before attacking.

“For example, when they see a company has hired a new CFO, they will impersonate that person to a colleague in accounting who has access to company bank accounts and will request a payment to a fake vendor ASAP to an offshore bank account that’s untraceable,” Whitney said.

On the other hand, Whitney said the general uptake of digitalization and online buying by individuals is leading to increased acceptance on the B2B side, too.

“COVID has accelerated the broad use of consumer eCommerce platforms by at least 15 years,” he said, “and this appetite and comfort with eCommerce will migrate in a big way to B2B eCommerce platforms.”