Why agencies should work with security

The main reason to add security to your offer is not that you will make more money, but because it is best for your clients. By adding security to your services, you will stay relevant and increase customer loyalty while increasing revenues.

Why it’s time for agencies to start working with security

Few agencies talk about security and even fewer are working with it in a structured way. Security can help you build longterm relationships with your clients, make more money and get ahead of your competitors. We know that explaining security to clients can be a challenge, which is why we have gathered convincing arguments that you can use as a starting point in customer dialogues.

Your existing clients might assume that you are already continuously working with security because of new legal guidelines, like the General Data Protection Regulation, that require businesses to focus on preventive measures. Potential clients will want to know whether your code is secure and what your security routines look like. Take this opportunity to tackle security and show that you are aware of your clients’ wishes!

Why security matters to your clients

Revenue

Having a functional website that end customers trust is crucial for your clients and businesses like e-commerce stores depend on their online presence. This is not new to you as you already help your clients bring in organic search traffic and optimize conversion, but now it’s time to secure their websites and protect them and their customers’ sensitive data.

A security breach can take a toll on brand reputation as well as revenue and recovering from the badwill it creates is a key challenge. You have your clients’ trust – use it to keep their users’ data safe!

Brand reputation

Delivering vulnerable websites puts your agency’s reputation at risk; if your client’s website is hacked, the damage done to their brand can be immense. New vulnerabilities are discovered every day and 90% of websites have critical vulnerabilities that can be exploited by hackers. Instead of helping your clients regain their customers’ trust after a security breach, you can be an early adopter and encourage them to work proactively with security.

As an agency, you don’t want to be left behind. What happens if new customers request proof of your internal security skillset? What if your client were to find security monitoring tools on their own and initiated the dialogue? Wouldn’t you prefer to be the one who leads the security discussion?

What would Google do

Google accounts for 64% of the search market and is leading the development of search technology. It is no secret that Google is beginning to put security first – why should you lag behind? Here’s just a couple of measures Google has taken to make security more transparent and central to the customer experience:

• Websites with SSL certificates get a ranking bonus (read  more about how security affects your Google visibility in our interview with Staffan Ragnö, SEO-expert from Firstly)
• Users can see whether a website is secured with HTTPS – not offering users a secure connection can have a negative impact on brands
• Starting in February 2017, it will no longer be possible to send .js file attachments with Gmail.
• Websites that may have been hacked are flagged

Over the last couple of years, SEO and mobile have become the norm and security is up next. Google already gives a ranking bonus to websites with encrypted connections, but this is just the beginning. Shifting to a security- oriented mindset now means you and your clients will be ahead of the game as security awareness grows.

The evolution of digital marketing

Site speed, design, conversion rate optimization… These trends have gone from buzzwords to being an expected part of an agency’s service mix. If you are, or aiming to become a full-service agency, adding security to your offer is the next step – which will work as a great pitch for prospective clients and improve customer loyalty with your existing clients.

Gain higher value contracts with security

Adding security to your offering allows you to increase profits, convert one-off projects to retainers and create an ongoing dialogue and a long-lasting relationship with your clients. We have developed three example cases to illustrate how Detectify can help you gain higher value contracts.

Case 1: Add more hours to the initial offer on new projects

Run Detectify security tests on new projects and offer your clients secure delivery with a detailed findings report. This way, you can increase your revenues even further by adding a security retainer to your offer.

Case 2: Convert small one-off projects to retainers and increase profit

If you mainly work with one-off projects, security can help you convert them to ongoing retainers. Instead of not hearing from the client after the project is finished, you can offer them continuous security monitoring and talk to them on a monthly basis.

Project including design, development, SEO optimization and security-tested delivery:

You can increase your profits even further by:

• Fixing security issues for the client and adding additional hours to the retainer
• A fixed number of hours can be added to the retainer, e. g. 20 h x 100€
• The number of hours can also be based on the severity of the findings, for example:
  • Only high severity findings
  • High and medium severity findings
  • All findings
• Delivering security-tested projects with additional hours added to the initial development project (Case 1)

By combining Case 1 and Case 2, revenues can be increased by 21.5% per initial development project and by a further 600€ per year if you offer your clients an ongoing security retainer.

Case 3: Increase profit on larger retainers

If you already offer your clients large retainers, security is a great opportunity that will increase your monthly profits.

What our agency customers say

Ottoboni run Detectify security tests on their clients’ websites and say that Detectify serves as a stable foundation for their security work.

The arguments for security usually come too late, once you’ve already been hacked and at that point, your brand might already be destroyed. It is really important for agencies to offer help and guidance. It’s impossible to keep up with all the security news if you’re working with production – staying on top of new vulnerabilities is a full-time job in itself! Instead, Detectify takes care of that for us with the help of their researchers.

Afonso started using Detectify after one of their websites got hacked. Working with Detectify helped them make security a habit and develop a proactive approach to security.

With Detectify’s findings as a backup, we’ve been able to show internally and externally that security is something you need to work with continuously.

Creuna uses Detectify to secure development and continuously monitor and improve the security level of their clients.

Detectify is part of our effort to stay on top of security. Their platform has enabled us to discuss security both internally and with our clients. The security awareness and knowledge in our teams has improved since we started using Detectify.