Looking back on how we developed our company Isuna, and our platform solution is a great way to introduce you to our ‘why?’ The reason we are trying to enhance the approach to building resilience and awareness using regulation technology. Let me introduce us, the founders of Isuna, why we are unique and why we work so well.
My background is mainly law enforcement from starting work in my home city Coventry at a local police station I developed a passion and skill in intelligence analysis. I was always willing to learn and share, so much so I become an intelligence analysis trainer at the forefront of UK Policing.
Always excited to expand my knowledge I took a deep step into cyber security and found that there was a lot I could provide but also change with some positive ideas and approaches. However, ideas are only ideas until one can make them a reality.
Which takes me to introducing Vadim Lazuko my valued co-founder, one that always undersells himself about how remarkably smart, diligent, and knowledgeable he is. Hence, it is my privilege to introduce him in this blog (and during most meetings). From my personal point of view, I have never worked with someone who is so dedicated to goals and his staff.
And from a business and technical point of view, Vadim is one of the best I have work I have had the honor of working with. A successful entrepreneur with many successful businesses, immense cyber security knowledge, financial expertise, and an MBA! I am very grateful to our introduction and that Vadim believed in working with me on the initial ideas.
Together we were able to develop the initial ideas into a vision and mission. For the initial three months, we tested and test and then did some more testing. We wanted to validate and test our
assumptions. We spoke to lots of cyber security and data privacy specialists to really understand their challenges and needs. Once we had a good understanding of the problem question, we built a very small example and started to test this with our critical network.
Before we go into Isuna though, let me explain some of our profound learning points.
‘’A sector that was and still appears to be focused upon use of fear to build a client base. The question was simple – is there a better and more engaging way to build confidence between providers and potential clients?’’
A few of our key learning points
At the start it was a question that kept nagging me whilst engaged within the cyber sector. A sector that was and still appears to be focused upon use of fear to build a client base. The question was simple – is there a better and more engaging way to build confidence between providers and potential clients?
First, let us clarify the fear-based approach. It works. With some big caveats. Some clients will identify with the threats and feel the strong need to look for resolutions. They connect with the threats in some way and understand the need to convert this threat (fear) into something they find less scary, which could be to spend a lot of money on a new sparkly box of solutions. Mostly, these businesses were already engaged or had the potential to convert the fear into something actionable.
Now for the caveats, many businesses and potential clients find this approach scary. Further, they informed us that their expectation was that the fear-based approach off putting, but their thoughts immediately turned to the expense, confusing language and complexity of the solutions provided. Potential clients would physically express gasps of concern and then revert to the usual human response when facing something scary, to run away or build walls as quickly possible.
And yet if we look at other complex sectors, they seem to have learnt quickly that this approach was not helpful and moved on. Have you recently watched a car insurance advert? This is a perfect example of how a sector changed and moved away from a fear-based approach. From rejecting a fearbased approach they focus upon the values, benefits and raising the awareness of the customers.
Learning Point One: Use positive psychology to engage and build trust
We also looked at how people were working and implementing their cyber security. There is one word that clearly defines the approaches by the specialists. Differently. Which is not to say that this is a problem. Most implementations are unique, but the issues arise when there are so many different standards and then limited tools to implement. Many specialists used multiple spreadsheets to manage their implementation and because of the complexity of the many different standards (ISO27001, COBIT, DNB, and NIST amongst many others), there were always bottlenecks and efficiency problems.
Learning Point Two: Implementation is slow due to the tools available
The standards and regulations are a great starting point for many businesses, they provide a baseline and help them target goals to improve their resilience. During our interviews we discovered that these regulations and standards are highly technical and complex. They require substantial research and often businesses would require external support from expert consultants. On more than one occasion businesses decided to change from one regulation to another hoping that it would be easier to implement.
Learning Point Three: There are many regulations, and these are often complex and technical
We had already started to build our solution at this stage and to ensure we validated our approach we constantly tested our learning points and inferences. This openness directly led us to the door of our key partners NEN. NEN were, at this time, also researching the cyber sector and the use of ISO27001 by their clients. Many of their findings corroborated our results and helped to validate our solution. Further, together we found that the specialists were interested in working closer with NEN and with their peers. They wanted to share their experience, challenges, and documentation. This was in direct contrast to the current situation where many businesses worked in isolation, even though they are implementing the same standards or facing similar challenges.
Learning Point Four: Specialists wanted to communicate and help each other
Challenges Helping Build Our Resilience
These learning points kept growing but these key four were the basis that helped us to build a profound solution that solved many of the issues that we had identified. It also put into the center the expert, giving them tools, access, and evidence to implement, in this case ISO27001.
These learning points, our expertise, ongoing research, and persistence led us to form Isuna BV, here in The Hague. Our home city of choice but also one of potential and great access. With Isuna we started to develop our ideas into a digital platform. Our internal mission was ‘how can we make it easier for implementors to engage with the different standards and to make progress easily.’ Over this intense period of testing and building we faced many challenges and one that I am sure you all faced too: That of Covid.
Although our access to the market and specialists was greatly reduced, With Vadim’s help, we focused upon the achievable. With our technical team, we started to build and research the possibilities. Always returning to the challenges that we had learned about and trying to address them in multiple ways.
As we channeled our internal development efforts, we also examined how we can establish ourselves as a viable business. We started to search for partners. Partners that provided us value as a business but also vice-versa, Isuna should add value to their outputs. We know that as a new market entrant our partnerships can define us but that we wanted to prove ourselves too.
|Use positive psychology to engage and build trust|
|Implementation is slow due to the tools available|
|There are many regulations, and these are often complex and technical|
|Specialists wanted to communicate and help each other|
Stronger with a Diverse Partnership Team
NEN were an obvious possible partner, but this took time. We met many times, evidencing our approach and platform to the amazing people at NEN Innovation Labs. We were in a constant state of developing the trust and defining our mutual value.
We also partner with the Peace Innovation Institute (Stanford University Labs), The Security Delta (HSD) and CPRM. An amazing group of partners that we have known and nurtured over many years. All here, based in The Hague so providing amazing services to those that you likely know.
With partners in place, validation through our network and NEN we sought to grow our team and establish ourselves as a serious proposition that could concentrate on delivering the best possible product and service to our clients. Our inference was that we had a great product, and we were ready for market – but was this true? As we prepared to go to market, we devised another experiment. One that would test us, our product, and our readiness level.
Stichting Koninklijk Nederlands Normalisatie Instituut connects stakeholders and ensure that they reach agreements. These are recorded in standards and guidelines. They do this in national and/or international standards committees.
Peace Innovation Institute (PII) BV is a company specializing in data with laboratories around the world. The company has strong ties to Stanford University and will provide expertise in social norms, human interaction and developing sustainable solutions for non-vital enterprises. PII is based in The Hague.
Security Delta (HSD) is the Dutch security cluster. Over 275 companies, governmental organisations and knowledge institutions have been working together to make a difference in securing our digitising society.Together they focus on Cyber Security & Resilience, Data & AI/Intel and Smart Secure Societies.
CPRM BV is a specialist in the field of information security, GDPR and risk management. They share their knowledge with us to ensure that the right material is produced and meets the high legal requirements. CPRM is a company registered and operating in The Hague.
Here for the Long-Term
With the help Ronja Bruijns (the Isuna UX Designer) we started the process of applying for an EU grant. This one is called Kansen voor West. This, if you ask anyone who has applied for such an opportunity, is an arduous process and rightly so, there is a lot at stake and great potential. During the process we learnt so much and with some great support from Frank-Andre Becker and Frank Puchala we were successful. We had proven that our solution was innovative, needed, and valuable. Importantly, we also evidenced that we were at Technology Readiness Level 8, ready for market!
Our solution has so many unique features and value for you to increase your ability to build your cyber resilience and compliance to standards. Our clients can identify their maturity status, evidence this, manage their improvements and uniquely, go directly to the community to seek or provide help.
It has been an amazing journey and we continue to grow our team with local talent, build our client base, and constantly strive to improve.
We hope that this introduction to Isuna it’s people and approach help you get an understanding of the ‘why?’ as stated in the first paragraph. This is where I introduced you to my background and to the co-founder Vadim Lazuko.
We identified four key learning points:
- We need to move away from the fear-based approach and embrace positive psychology
- Implementation of standards such as ISO27001 is difficult and slow
- The many different standards are complex and technical
- The specialist implementing standards want to communicate and help each other
With this understanding and detailed analysis and research we approached the problem with an open mind to build a versatile and effective solution. Whilst we faced many familiar and different challenges, we were focused upon our goal to resolve these challenges. To make implementation achievable, build resilience across businesses and sectors, and to increase awareness through positive engagement.
We have built some amazing partnerships with NEN, PII, CPRM and The Security Delta (HSD). These partners provide us with scope and viability to provide the high-level service our client’s demand. Without them we would still be good but with them we are much better!
With our success in validating our product to clients and to an EU challenge we now have the runway to provide the solution the market requires. One that as an agile solution focused company we can always build upon and improve based upon the valued feedback of our clients whether they are CISOs, CFOs, DPOs or Compliance Officers. We hope that our platform helps you do the same as you build your compliance and resilience to cyber threats!
Next Blog: We will explain, how we are establishing our business for the long-term with the help from our partners and EU support.
If you like this article or want to be part of the next cyber insurance case study, contact us directly and let us know firstname.lastname@example.org
Try our platform 14 days for free
No creditcard details needed.