[COMPANY NAME]

[Company address]

CYBER SECURITY
CONSULTING SERVICES
Business plan & feasibility report in perspective of
entrepreneurship

Contents
1.

Background.......................................................................................................... 3

2.

Opportunity analysis............................................................................................ 4

3.

Feasibility analysis............................................................................................... 5
3.1.

Environmental feasibility............................................................................... 5

3.2.

Product feasibility.......................................................................................... 6

3.3.

Financial feasibility......................................................................................... 8

4.

Strategic positioning and Business model............................................................9

5.

Challenges & issues........................................................................................... 11

5.1.

Business lifecycle......................................................................................... 11

5.2.

Critical success factors................................................................................ 13

Works Cited.............................................................................................................. 14

1. Background
Rapid evolution of technology is facing everyday more complex, new,
threatening, risk emerge and significantly harmful cyber security issues for
every organizations brand and bottom line. Cybersecurity attacks have been
increasing at an exponential rate since the last decade. The infiltration of an
organizations information and secured documents could be occurred for
weeks or even months ago while the organization would not have been
known to it. Organizations are bearing staggering cost when these
cybersecurity breaches do surface. Although organizations are addressing
this problem at the right priority but they are still vulnerable to cyberattacks. Hence, cybercrime or cyber security infringement can be defined as
the misuse of information system, data or cyberspace of any organization for
personal, economic or psychological gain. It includes hacking, botnets,
malware, phishing, online harassment, virtual cybercrime or any fraudulent
activity online. The US department of Defense (DoD) has been on the hit list
of cyber-attacks for years, for instance, in 1998 the Solar Sunrise cyberattacks was committed against the DoDs classified network. Similarly, UK
secretary of State for Defense has reported in 2011 that they are subject to
intense and significant issues of cyberattacks on every day basis. The
department reported that they have identified and disrupted over one
thousand attempts which were made seriously to breach the computer
network to gat secured information.
In April, 2011 a cyber-attack has been experienced b Sonys PlayStation
network which was targeted to steel the personal data of its users. It has
been reported by Sony Inc. that over 77 million accounts were compromised
with the largest data loss so far by the company. Similarly, Sony online
entertainment network has been attacked affecting more than 24 million
customer records switching the attention towards the vulnerability of big
organization through cybercrimes and hacking. An example of phishing is the
Nigerian 419 scam which is comprised of the situation in which millions of

users were directed to fraudulent website that acquire account passwords

and details and impersonate banks. Millions of dollars were stolen and
transferred to the fraudulent accounts. According to the estimates of IC3,
more than 275,000 complaints about cybercrimes were recorded from
medium to large size organizations in 2008. From these complaints, 26
percent were recognized as valid and transferred to the law enforcing
agencies. The cybersecurity issues since 2010 are relating to the categories
of auction fraud, non-delivery of merchandise, credit and debit card frauds,
identity theft, financial institution frauds and virtual cyber-attacks. Through
the assessment of worlds cybersecurity agencies reports, it can be said that
market is in dire need of innovative and secured tools and programs for the
security of organizations information and documents to prevent it from
infringement. Especially, banks and financial institutions are vulnerable to
cyber-attacks for the sake of money to a larger extent. Hence, the agencies
and organization, which are introducing security programs and tools to save
the organizational information and computer networks from infringement
and cyber misuse, are increasing due to the increased demand of security
programs in the market all over the world. Since, the larger organization are
vulnerable to these security attacks including the USA and UK security
department (through hacking, scam and phishing) on daily basis, the smaller
or medium level organizations essentially required to implement and acquire
cybersecurity services to keep their operations and processes safe.
2. Opportunity analysis
The emergence of globalization, economies and IT innovations such as the
inventions of PCs, mobility and cloud computing have given rise to the
vulnerability and lowered the protection of governments IT systems and
enterprise. Todays IT trends are compelling the organization to open their
system to the populace, for instance, from personal to enterprise, from
SCADA to Web, it has become essential for systems to be open for
individuals due to the business purpose (Adamson, 2013). To enable internet-

based business, e-commerce, and internet based partner and supplier

relationships, the balance between a business enablement and business
protection is changing. Due to which, the demand of cybersecurity solutions
is increasing at exponential rate to prevent and protect the data, information
about the personal accounts of organizations client. Following are the
solution trends which can be offered by a cybersecurity consulting agency to
avoid these cyber-attacks. One of these solutions involves the risk
management provided by the cybersecurity consulting agencies present in
the market. Industry, state regulations and financials of any organization are
at the core of risk management now which is linked to the internal as well as
external audit functions (Birley, 2000). Another solution is vulnerability
management which, in fast moving and rapidly increasing environment of
cyber threats, has become a must-have function for cyber security.
Vulnerability management can be provided by cyber security audits (through
software tools) and cyber security suites or through the cloud systems. The
third solution which the company is intended to provide assessing the
opportunity in the market is asset management and discovery (Burt, 2000).
It can be defined as the linkage between system management and IT
security to document the assets or the components of IT system which is
essential for the implementation of vulnerability management. To attain the
goal

of

ADM,

implementation

of

artificial

intelligence

enables

the

autonomous system which compete with the complexity of the todays

information

technology

system.

Mobile

security

and

services

for

development of the security operations centers are also significant solutions

which the company is intended to provide (Cant, 2009). Following is the
market analysis reported in 2013 by IBM security services which can
elaborate the opportunity window present in the market for new entrant as
cyber security consulting agency.
Security attacks, incidents and events in 2013
Security events
Security attacks
Security
incidents

Annual

Annual 16, 865

Annual 109

91,765,453
Monthly

Monthly, 1, 405

Monthly 9

7,647,121
Weekly

Weekly 324

Weekly 2

1,746,720
Table

I:

security

and

artificial

intelligence

events

and

implementation have reduced the security attacks and incidents to

a greater extent.
3. Feasibility analysis
3.1.
Environmental feasibility
From the above table, it has been clear that the implementation of security
events provided by large cyber security consulting firms have great impact
on reducing the cybercrimes and cyber incidents which lead to the steeling
of organizations secured documents and information. The damage from
these type of security breaches can be severe if the consumers lose their
faith from the companys ability to keep their data safe and hence, leads to
poorer financial performance. In 2013, the Ponemon Institute reported that a
company has to bear $145 per record data lose per client (Chen, 2007). It
has also been estimated that a retailer with lost credit card information of his
clients can face loss of more than hundred million dollars including fines. A
university could suffer from the loss of 5.4 million dollar in case of leaked
40,000 accounts or records of its students. Hence, the market demands the
implementation of cyber security tools and programs to prevent from such
huge loses either it is an industrial organization or governmental (Chen,
2012).
Companies
1
2
3
4

with Cost

respect to region
United States
Germany
Brazil
India

per

cyber-attack/

loss of information
$ 5.9 million
$ 4.7 million
$ 1.6 million
$ 1.4 million

Table II: Comparison of companies bearing Cost per cyber-attack/

loss of information based on the global average
The vulnerable industries for cybercrimes can be classified as the following
to get a clearer picture of feasibility and success of a consulting service
agency (Chen, 2008).

Fig

I:

The

financial

and

manufacturing

industries

are

highly

vulnerable to cyber-attacks
3.2.
feasibility
The categories

Product

which

company

the

of incidents for

been aimed to

provide

security

solution

described in the

following

figure.

incidents

These

happening

in

the

has
are
are

financial

and manufacturing industries with the following percentage based on global

average.

Fig II: Malicious and Scan problems are at the top of the list
assessed globally
Above mentioned cyber security issues are facing by the organization
operating in any kind of industry relating to any size or operations of the
organization. Hence, the company is intended to provide the consulting
services to deal with these cyber security issues. These consulting services
would be comprised of the tools and programs for the implementation of risk
management, vulnerably management, asset discovery and management,
mobile security and development of secure operation centers for the
organization related to the financial and manufacturing industries at priority
(Grimes, 2013). Traditional security defenses employed by the organization
with the help of IT tools are now out of date and the organizations are
demanding to implement artificial intelligence tools to gauge and identify the
risk associated to their operations, assets and processes in order to protect
the intellectual property and customers database. With the changing
practices and business horizons, companies need to gather data of their
customers to personalize and customize the marketing messages in order to
get competitive advantage over other (Holm, 2006). It can only be achieved
if the company is able to secure the data of its customer which would pay
heavy cost otherwise in case of breach of information. Hence, the future of
feasibility of cyber security products puts greater emphasize on the

capability to protect customers information increasing the demand of such

types of solutions in the market (Johannisson, 2005).
3.3.
Financial feasibility
The demand of consulting services in the market is enormous and the client
organizations are included to get protection from cyber-attacks even at
higher rates. Since, the existing companies are fewer in number and
rendering their services at higher rates, the feasibility for a new entrant is
quite significant. From table II, it can be understood that companies in the
USA, Germany, Brazil and India are highly vulnerable to cyber-attacks along
with bearing highest cost as compared to the other countries in the world
(Pickton & Broderick , 2005). Considering the costs which the companies
have to bear in case of absence of cyber security tools and programs, the
companies are highly willing to get expensive but reliable cyber security
consulting services even charging them in million dollars. Organizations have
to accelerate their capability to identify and limit new cyber risk and
implement intelligence tools to protect their intellectual property. The
company is intended to render its services at the average rate going in the
market.
Services / Suite

Charges/

1
2
3

month
Risk management
$ 400
Risk management (internal & external audit)
$ 500
Risk management and implementation of artificial $ 450

intelligence
Mobile security

5
6

protection)
Operating system security
Vulnerability management

system + Software security)

Asset discovery and management (involves internal $ 1000

(scam,

malware

(mobile

and

hacking $ 300
$ 300
operating $ 800

components and software needed to be protected for

8

overall security)
Development of secure operations center

$ 1000

Cloud computing solutions

$ 1000

Table III: Services offered and the charges to the client company
Above is the consulting fee which the company would charge to every client
according to the services that company would be willing to acquire. The
company would charge the client company on monthly basis for the
acquisition of these consulting services. Prices have been kept enough
competitive regarding the market prices and suites offered by other
companies.
4. Strategic positioning and Business model
Key partners: The Company would have strategic alliance with the IT
companies, software and hardware vendors, software developers, internal
and external IT auditors, financial experts and other IT companies. For the
rendering of services mentioned in the Table III, the company would have
partnership with these companies to provide prompt and reliable solutions.
Key partnership with these companies is essential to provide a full suite of
capabilities and IT security services (Holm, 2006).
Key

activities:

Internal

and

external

auditing,

risk

management,

vulnerability management, asset discovery and management, mobile

security and operating system software security are the key activities done
by the company to achieve its goals. To achieve this, the other activities
include the developed of strategic partnership with required companies,
establishment of distribution channels, acquisition and distribution of
services, implementation of security tools, marketing efforts and market
penetration.
Key resources: Resources which the organization needs are the human
capital and a talent pool to provide consultancy services to the client. The
company

needs

customer

relationship

management

and

integrated

marketing communication to build strong relationship with the customer as

well as suppliers.

Value proposition:

A combination of IT security solutions and cyber

security consultation with an innovative approaches and industrys best

practices will deliver services with continuing values fulfilling the clients
demands and security needs. The company would provide a responsive, costeffective, reliable services delivery and consultation to satisfy its customers
reducing cyber-attacks and leakage of information. Latest technology to
ensure network resilience & dedication to clients mission success so that
cyber threats can be mitigated.
Proactive risk management would enable the client organizations to identify
and gauge the associated risk with their operations, repository and
information of customers. It would also assist in establishing the risk
mitigation processes to reduce damage.
Customer segment: The most important customer for our company is the
organization belonging to financial and manufacturing industry because they
are highly vulnerable to cyber-attacks and in return highly willing to pay
more for reliable and secured services. Cyber security solution would be
provided through cloud or SaaS throughout the world because of the virtual
nature of business. Hence, the company considers whole financial and
manufacturing companies as its clients whether they are small, medium or
large organization in terms of their market reach and operations.
Key partners
Software
developers

Key resources
Human capital

Security card
developers

Consultants

IT companies

practices

Internal &
external
auditors

Customer relationship
management

Integrated
marketing
communication

Value
proposition
A combination of IT
security solutions and
cyber
security
consultation with an
innovative approaches
and industrys best
practices will deliver
services
with
continuing values.
Responsive,

cost-

Customer
segment
Firms operating in
financial and
manufacturing
industries
Catering small,
medium and large
organizations on the
basis of their
operations

Key activities
effective,
reliable
Distribution
services delivery and
Software/ channels
Relationship
consultation
hardware
Costs:
costs includedevelopment
fixed, initial with
investment to
Revenues: The clients would
Offline (small &
vendors
Latest be
technology
to
distributors, huge cost would
initiate
the business. Additionally,
be charged
on monthly basis.
regional level

ensure
network
incurred for organizations)
suppliers
of requited
andconsultancy
Hence, the revenue would be
Financial the procurement
resilience & dedication
staff, software, tools customers
and programs, hardware
and
to
clients collected
mission after rendering the
experts
& cloud channels. Afterwards,
developmentOnline
of (SaaS
distribution
service for a month. The
success
Procurement
of respect to
computing)
small variable
cost would
be incurred with
pricing strategy has been
Proactive
risk
software
and
clients.
described in Table III.

Fig III: Business Model

Channels of distribution: Since, it is a consulting agency providing cyber
security solutions as well in form of cloud computing or SaaS, the company is
being able to keep its operations online. However, the channel of distribution
can also be offline in form of physical or hardware if the organizations size is
small and regional. Hence, the channels of distribution are both online as
well as offline.
Cost: The company has to bear huge capital investment and initiation cost
at the time of inception of business. The cost would be categorized as; the
cost of acquisition of software, acquisition of hardware, commercial place,
marketing and other supporting activities, fixed investment cost and variable
cost which would be considered on the basis of number of clients served
(Adamson, 2013).
Revenues: the revenue and the prices for individual as well as combination
of services provided in the form of suits or application has been discussed in
the Table III.

Fig IV: Worldwide vulnerability and cyber security management

revenues (Chen, 2012)
5. Challenges & issues

5.1.

Business lifecycle

Our company is at the first step of business lifecycle i.e. startup phase which
has been associated to numerous challenges and problems for product
development and market penetration (Venkatraman & V, 2006). Through the
literature available on the cyber security consulting market, it can be said
that the industry is at growth stage which requires serious attempts to enter
into the market and introduce a company as a brand fro market penetration
and to get a competitive advantage (Verhoef, 2003). The market situation
depicts the high demand of security products and vulnerability solutions
where organizations are looking for solution to create and internally audit
security policy, proactive mitigation of cyber risks, consolidation of risk
management and mitigation process and ultimate provision of cyber security
solutions (Reid, 2005). The market of cyber security consulting services has
seen growth of 17 % since 2010 because of the ever increasing cyber cries
and cyber-attacks on well-known organizations including Sony Inc. With over
50 well known vendors, the total market was about 3.4 billion dollar
increasing at exponential rate of 17 % annually. Hence, to start a business in
highly progressing and demanding market is comparatively easy however, in

the market of active participants such as IBM, the company faces many
challenges. In the complex and competitive market of cyber security
consulting, the company is facing issues to procure information for product
development as well as bargaining power of suppliers is another issue. Due
to the presence of large 50 vendors occupying the market at global level,
suppliers has inelastic demand of prices which incurs high investment cost at
initial level (Porter, 2008). Absence of information leads to the procurement
and establishment of relationship with the clients who are bound to reliable
and already established relationship with big consulting organizations such
as IBM . The competition is stiffened which is quite challenging at the initial
level of business however, the company is able to acquire regional and local
client company to initiate its business which is a favorable factors.

Absence
of
information
for
product
development
High competition
Saturated market
with few giant
consulting
companies
like
IBM

Fig V: Business Lifecycle

5.2.
Critical success factors
To penetrate into the market and to initiate the business, it is critically
needed to consider the success factors taking into account the business life
cycle as well as the phase of industry. In this case, the company is at initial
phase of introduction while the industry in which it is intended to operate is

at growth stage. Hence the critical success factors have been summarized as
below.
Functional
1

area
Marketing
sales

Success factors
and The company is in dire need of establishment of
brand awareness campaigns to compete with other
companies as well as to establish integrated
marketing

communication

and

customer

relationship management techniques to attract and

2

Finance

entice new and potential customers.

At the startup, the company should try to get
access to loans or investments because of huge

R&D

costs incurred at this stage.

Research and development is necessary to know
about the gaps in the market and how to fulfill
those gaps by offering products and services to

Human

satisfy customers.
To lead in consultancy business, company needs to

resource

acquire a talent pool with skilled, dedicated and

Focus area

motivated workforce to cater the clients needs.

As the industry is in growth phase, the company
should try to focus on increasing sales through
marketing and communication. Grabbing greater
market share would be the ultimate goal for

Production

success.
To match with the needs of market, the company
should pay attention to the product development
and increased production capability.

Table IV: Critical success factors for market penetration

Works Cited
Adamson, I., 2013. Relationship marketing: customer commitment and trust
as a strategy for the smaller Hong Kong corporate banking sector..
International journal of bank marketing.
Birley, S., 2000. Entrepreneurial networks: their emergence in Ireland and
overseas. International Small Business Journal.
Burt, R., 2000. The network entrepreneur. Entrepreneurship: The social
science view, pp. 281-307.
Cant, M., 2009. Marketing Management. Juta Publications.
Chen, C., 2007. Marketing communication strategies in support of product
launch: An empirical study of Taiwanese high-tech firms. Industrial Marketing
Management, pp. 1046-1056.
Chen, K. H., 2012. The impact of Customer Knowledge Enabled Innovation
Capability, Learning Orientation, Supervisor Support on Organizational
Performance. Journal of Business Management , pp. 11-14.
Chen, Y., 2008. Online consumer review: Word-of-mouth as a new element of
marketing communication mix. Management Science, pp. 477-491.
Dodd,

S.,

2002.

National

differences

in

entrepreneurial

networking.

Entrepreneurship & Regional Development, pp. 117-134.

Dubini, P., 2000. Personal and extended networks are central to the
entrepreneurial process. Journal of Business Venturing, pp. 305-313.
Duncan, T., 1996. The concept, process, and evolution of integrated
marketing communication. Integrated communication: Synergy of persuasive
voices.
Gilmore, A., 2001. SME marketing in practice. Marketing intelligence &
planning.

Grimes,

M.,

2013.

Studying

the

origins

of

social

entrepreneurship:

compassion and the role of embedded agency. Academy of management

review, pp. 460-463.
Hill, J., 1999. The development and application of a qualitative approach to
researching the marketing networks of small firm entrepreneurs. Qualitative
market research: An international journal.
Holm, O., 2006. Integrated marketing communication: from tactics to
strategy. Corporate Communications: An International Journal, pp. 23-33.
Houman Andersen, P., 2001. Relationship development and marketing
communication: an integrative model.. Journal of Business & Industrial
Marketing, pp. 167-183.
Johannisson,

B.,

1988.

Business

formationa

network

approach.

Scandinavian journal of management, pp. 83-99.

Johannisson, B., 2005. Community entrepreneurs: networking for local
development. Entrepreneurship & regional development,.
Johannissson, B., 1998. Personal networks in emerging knowledge-based
firms:

spatial

and

functional

patterns.

Entrepreneurship

&

Regional

Development,, pp. 297-312.

Lal, K., 2002. E-business and manufacturing sector: a study of small and
medium-sized enterprises in India. Research Policy, 31(7), pp. 1199-1211.
Madhavaram, S., 2005. Integrated marketing communication (IMC) and
brand identity as critical components of brand equity strategy: A conceptual
framework and research propositions. Journal of Advertising.
McAuley, A., 1999. Entrepreneurial instant exporters in the Scottish arts and
crafts sector. Journal of International marketing.
Merkel, N., 2005. Customer Relationship Management in Banking Sector. The
Journal of Marketing .

Mohr, J., 2000. Communication

strategies in

marketing

channels: A

theoretical perspective.. The Journal of Marketing, pp. 36-51.

O'Donnell, A., 2001. The network construct in entrepreneurship research: a
review and critique. Management Decision, pp. 749-760.
Payne,

A.,

2005.

strategic

framework

for

customer

relationship

management. Journal of marketing.

Peteraf, M., 2011. 5. Entrepreneurship, competitive dynamics, and a
resource-based view of competitive advantage.. The competitive dynamics
of entrepreneurial market entry, p. 176.
Pickton , D. & Broderick , A., 2005. Integrated marketing communications.
Porter, M., 2008. The five competitive forces that shape strategy. Harvard
business review,.
Reid,

M.,

2005.

The

relationship

between

integrated

marketing

communication, market orientation, and brand orientation. Journal of

Advertising.
Ryals, L., 2001. Cross-functional issues in the implementation of relationship
marketing

through

customer

relationship

management.

European

management journal.
Shimp, T., 1997. Advertising, promotion, and supplemental aspects of
integrated marketing communications. Harcourt Brace College Publishers..
Venkatraman, N. & V, R., 2006. Measurement of business performance in
Strategy research: a Comparison of approaches. Academy of Management
Review, Volume 11, pp. 810-814.
Verhoef, P., 2003. Understanding the effect of customer relationship
management

efforts

on

customer

development. Journal of marketing.

retention

and

customer

share