Back in the early 2000s, after the first wave of the dot.com boom, and as reality began to creep into the digital revolution, it wasn’t just plummeting corporate valuations that made people think a bit harder about the future. If, in this new world, so much of any company’s risk – infrastructure, e-commerce platforms, customer data, and financial assets – was going to stand in the open pasture of the internet, how were they to electrify the fences to scare the rustlers off, and disinfect the boundaries to keep the diseases away?
Unsurprisingly, it soon became a regulatory issue. Around the world, acts of government came into force to compel boards to worry about the security of their systems, first to protect their own shareholders’ interests and latterly to protect the privacy and safety of pretty much everyone who comes into contact with the company’s digital presence.
In that atmosphere, it ought to have been bonanza time for expert suppliers of IT security software, and for many it was. But the fact is that for CTOs and CIOs and for spending departments in general, especially as we moved into the recessionary times after 2008, there were always other spending priorities. Spending on security had to fight it out against better CRM or other technologies for (supposedly) making business more efficient, and could often become an esoteric, reactive, tactical purchase, rather than a part of an organisation’s positive overall digital strategy.
One weapon that the security salesperson had in such an environment was the Implication Question – that part of the SPIN® model that picks up on the information that the seller learns about the buyer’s immediate presenting problems and starts to lead them into a detailed discussion of what could happen if the problem isn’t fixed, and what impact that could have. Thus, a conversation begins like this:
Seller: “Do you have any data on the frequency of phishing attacks?”
Customer: “Yes, attempts have increased 31% this year in our Zurich and Delhi centres”
Seller: “Any breaches?”
Customer: “Yes, we did have a scare last month that caused a complete shutdown for an hour while we sorted it out, but we were able to contain it because we noticed it in time.”
Now here, the unskilled seller starts to talk about their product or solution. But that would be too early. We know little enough about the problem, and we haven’t yet magnified the consequences in the mind of the customer to the point where doing something about it has worked its way up the priority list. The skilled seller, by contrast, grows the urgency and importance of finding a solution by asking Implication Questions.
- How much trading would you lose if that happened again, or was extended to other locations? What would that cost?
- Would that have an impact on your insurance costs at renewal time?
- Do you have the kind of customer base who would readily sue you over data loss such as this?
- What would be the effect on your reputation in the marketplace and does your marketing department have the resources to execute the crisis management plan if it happens everywhere at once?
- What would your personal position be if it happened again on your watch?
This kind of conversation moves the seller into altogether different territory. She isn’t just another visitor in a busy day: she’s the potential saviour of the customer from a stream of unpleasant eventualities; and conversely, the potential harbinger of a better, safer, more secure, calmer world for that customer.
From there to the sale is still a journey of further questions – working out collaboratively exactly how, and with what precise benefits, the seller’s solution fits the needs the customer is enumerating. But in an area like digital security, perhaps more than any other, the Implication Question is the vital bridge.
Over the last decade or more we worked with people like EMC, Verisign and Clearswift – and in each case, being able to help their people frame really powerful Implication Questions was a key part of getting their customers to think through exactly what the spending priorities were. And now, as malicious attacks and even more sinister threats appear to multiply, anyone who can bring a credible solution – and sell it well to public and private organisations everywhere – will be doing us all a favour.