For InfoSec teams, being part of the revenue process is no longer optional. In fact, in our recent State of Security Review Report, 64% of InfoSec respondents participated in a revenue or customer-facing activity over the last 12 months.

That means answering security questionnaires, fielding requests to see a copy of a SOC 2 or other certifications, making sure sales teams have everything they need to answer customer questions about security and compliance, and reporting on infosec effectiveness and value to the organization.

New opportunities are emerging to better communicate the value and differentiation of security. This shift is pushing InfoSec to turn the tedious review process into a business’s competitive advantage. As this change takes hold, InfoSec should be prepared to be measured against new key performance indicators.

In this article, we will break down what these are, how they will be useful in communicating InfoSec’s value to leadership, and what exactly you should measure.

KPI #1: Speed of Security Review Completion

The old adage "time is money" has never been more relevant in the realm of InfoSec. Gone are the days of endless security reviews dragging on for weeks. Today's InfoSec teams are all about speed – completing reviews faster will become more important then ever as InfoSec teams move closer to the revenue function. Why? Because faster reviews mean faster deals, and faster deals mean more revenue. It’s really that simple.

What should you measure?

  • Time it takes to turnaround a questionnaire from start to finish (your baseline + efficiency improvements)
  • % time that you’re beating SLAs
  • % questionnaires deflected with a trust center
  • Time to answer each questionnaire question (if you want to get granular)

KPI #2: InfoSec’s Impact on the Entire Deal Cycle

InfoSec will now have a larger influence on the entire deal cycle, from start to finish. How? By integrating security seamlessly into the early stages of the process, InfoSec teams ensure that security isn't just an afterthought but a core component of every deal.

What should you measure?

  • Revenue associated with security reviews in your queue
  • Win/loss rate compared to if a security review was completed for a customer and time it took to complete

KPI #3: Improving the Customer Experience

One of the most notable shifts happening is InfoSec’s role in enhancing the customer experience.  By implementing automated security review processes that don't just help to complete a questionnaire, but also delight customers, infosec and presales teams are finding ways to make security a competitive advantage. Seamless authentication processes, one-click NDA signing, and overall ease of working with your team in the process will go a long way to win over a customer.

Designing the process around making sure the cusotmer has a great experience as well as limiting headaches for your team is the mindset you need to adopt in this new era for security teams.  proactive communication on common pitfalls are just some of the ways InfoSec teams are winning over customers.

What should you measure?

  • How quickly a customer can self-serve your security posture and download documents
  • How quickly a customer can get through your NDA process
  • How quickly a customer can get their completed questionnaire back

Security and compliance is your new competitive advantage

It's time to stop thinking of InfoSec as a roadblock for deals. It's time to embrace InfoSec as your company's secret weapon that can turn trust and security into revenue streams. So, have you considered how you can turn trust and security into a competitive advantage for you company? Learn more about this shift in our State of Security Review Report.