Cracking Cybersecurity Consulting: How do we negotiate the best price for the project?
Sixth article in a 12-part series on “Cracking Cybersecurity Consulting”
It’s hard enough to dedicate line items for cybersecurity in your annual budget. A lack of budget resources is actually the most frequent reason cited for being slow to implement cybersecurity projects.
Once you have secured the resources, though, it is still important to get the best possible value for your consulting project.
As a cybersecurity consultant, I can tell you that there are plenty of ways to get better prices during the negotiation process:
1) Referral channel: Ask if there is a discount for the referral channel. Chances are, someone has referred you to a particular consulting vendor. Ask whether that referral counted for anything and if there is an associated discount.
2) Package discount: Ask whether there is a package discount if you are buying multiple pieces/phases of a project. Inquire about package pricing because you are coming to one vendor for the entire project instead of splitting it up between various consultants.
3) Payment upfront: Ask if there is a discount for paying in advance. Most consulting vendors bill clients after a project is complete, but it may provide a meaningful benefit to them to bill at the outset rather than waiting for the end of the project.
4) Number of consultants: Ask if there are multiple consultants working on the project. Perhaps they have different billable rates, and this may be an opportunity to cut some of the costs by requesting just one consultant or a junior consultant for the monotonous work.
Recommended by LinkedIn
5) Cyber insurance: Your cyber insurance carrier may pay for part or all of a cyber project. Just consider: a cybersecurity project makes your organization a better risk for the carrier and, thus, more valuable to the cyber insurance company and broker. If you are nearing a renewal period, this could be a good negotiation tactic to get the carrier or broker to pay for part of the bill. We have known plenty of cyber insurance players that paid the client’s bill. NOTE: If you do this, be prepared to share the final report or some proof that the project was complete. Cyber insurance carriers/brokers often want transparency if they are paying.
6) Comparing quotes: This would be the last tactic to use because it is slightly insulting to compare vendors to their face. There could be a lot of reasons why the scoped out projects were priced differently, and much of it could be because of the expertise involved. But, if all else fails, ask cyber consultants if they can match another price that you received elsewhere.
Try one or a combination of these negotiation tactics to see if you can save money for future projects. Cyber consulting is becoming a race to the bottom for pricing, and there are plenty of ways to cut costs. Recall our guiding principles from previous articles:
1) Have a clear scope of the project goals; and
2) Pick a reputable consultant.
Coming up in my next article, I will detail how to protect yourself from liability and security exposures. There are two major ways to protect your organization from the very cybersecurity consultant you choose to entrust with this important work.
For more information and to discuss the consulting services that are right for your organization, contact Violet Sullivan, Esq. CIPP/US, Cyber Security Consulting Practice Manager, 760-916-4477 or email vsullivan(at)eplaceinc.com.
Business Consultant | 🚀 Driving Sales Excellence & Market Leadership | 💡 Crafting Winning Strategies for Rapid Growth | 🌏 Architect of Global Expansion Initiatives
3yIt's not often that service providers give this kind of insight. Violet, your integrity and drive to serve your clients sets you apart with this introspective piece (yet again). Thank you.
Creative Director and Marketing Manager at Pariveda
3yThis is so great and helpful, I love this series and looking forward to the next 6!