Dennis Underwood
Published on
September 14, 2023

Why Cybersecurity Companies Don't (or Shouldn't) Publicize Their Customer List

Are you a cybersecurity company with a 'trusted by' section on your website with customer names or logos? Here's why that's a bad idea.

Companies specializing in cybersecurity have a unique challenge: balancing the allure of marketing benefits with the paramount importance of customer privacy. This article explains why cybersecurity companies should prioritize discretion over publicity, even when the temptation to showcase their clientele is strong.

The Advantage of Anonymity in Cybersecurity

A digital fortress with walls made of binary code, representing the dynamic nature of cybersecurity. Outside the fortress, several shadowy human figures attempt to map out a path inside. Select an Image

In the cybersecurity domain, the concept of anonymity stands as a paramount pillar. It's not just about keeping one's identity concealed; it's about ensuring that malicious actors remain in the dark about the defensive tools and strategies employed by an organization. Here's why this is so crucial:

  • Targeted Attacks. If cybercriminals know which cybersecurity tools a company uses, they can tailor their attacks to exploit specific vulnerabilities. Essentially, it's like handing them a roadmap to bypass the very defenses set up to keep them out.
  • Research and Exploitation. Armed with knowledge about specific cybersecurity tools, bad actors can invest time and resources into researching ways to circumvent these tools. This makes their attacks more precise and potentially more damaging.
  • The Element of Surprise. Keeping attackers guessing about the defenses in place can act as a deterrent. If they're unsure about what they're up against, they might think twice before launching an attack.
  • Best Practices. According to defense in depth principles and guidelines from reputable sources like NIST, it's recommended not to reveal any information about the cybersecurity tools in use. This aligns with the broader strategy of not giving away any potential advantages to adversaries.

In essence, while it might seem counterintuitive in an age where transparency is often lauded, in the world of cybersecurity, a certain level of secrecy is not just beneficial—it's essential.

Cybersecurity Best Practices and Guidelines

Five core focus areas in the NIST Cybersecurity framework Select an Image

In the realm of cybersecurity, one of the most respected sources for guidelines and best practices is the National Institute of Standards and Technology (NIST). Let's review a summary of NIST's recommendations and explain why adhering to these guidelines is so crucial:

  • Defense in Depth: This principle emphasizes layered security. It's not about having one impenetrable barrier but multiple layers of defense that can individually thwart different types of threats. If one layer is compromised, others stand ready to defend.
  • NIST's Recommendations: According to NIST's guidelines, there are five core functions to focus on:Identify: Recognize the assets and systems that need protection.Protect: Implement safeguards to ensure the delivery of critical infrastructure services.Detect: Identify any cybersecurity events promptly.Respond: Take action once a cybersecurity event is detected.Recover: Restore any capabilities or services impaired due to a cybersecurity event.
  • The Importance of Discretion: As highlighted by NIST's best practices, revealing information about the cybersecurity tools an organization uses can be detrimental. It's akin to showing your hand in a game of poker.
  • Balancing Transparency and Security: While being open about certain aspects of an organization's operations can be beneficial, when it comes to cybersecurity, discretion is often the better part of valor.

While every organization might have its unique challenges and needs, adhering to established guidelines like those from NIST provides a solid foundation for your cybersecurity infrastructure and policies. It's about building a cybersecurity strategy that's both robust and adaptable.

The Temptation of Marketing Benefits

It's important to balance the short-term gains of publicizing your customer list with the long-term reputational damage of a client being compromised because a malicious actor knew what defenses were in place. Select an Image

In business, especially startup business, standing out is paramount. One of the ways companies try to differentiate themselves is by showcasing their clientele, especially if that list includes well-known brands. Here's why this can be tempting:

  • Validation and Trust: Displaying a list of reputable clients can serve as a stamp of approval. It sends a message: "If these industry leaders trust us, so can you."
  • Increased Credibility: For early-stage companies, credibility can be hard to come by. Listing renowned clients can quickly elevate a company's status in the eyes of potential customers and investors.
  • Social Proof: Humans are inherently influenced by the choices of others. Seeing that other companies, especially respected ones, have chosen a particular product or service can sway decision-makers.
  • Enhanced Brand Image: Associating with well-known brands can rub off some of their prestige onto the showcasing company, enhancing its brand image.

While these marketing benefits are undeniable, they come with significant risks for cybersecurity companies. If you're publicizing your client roster you're basically posting the blueprints to the bank vault on your website. The potential for malicious actors to exploit this information far outweighs the short-term marketing gains.

The allure of showcasing big-name clients is strong but cybersecurity companies must resist this temptation. The risks involved in revealing their client list can have far-reaching consequences that could undermine the very security they promise to provide.

At Cyber Crucible we have a zero-disclosure policy. When you sign up for our industry-leading ransomware prevention & data extortion solution, we'll safeguard that fact like we would any other mission-critical secret.

Putting Customers First

No matter the specific protection your cybersecurity company provides, your first priority should be your customers and their valuable data and information. Select an Image

In the cybersecurity realm, the safety and privacy of customers should always be the top priority. While marketing benefits can be tempting, the potential risks to customers far outweigh the short-term gains. Here's why putting customers first is non-negotiable:

  • Trust and Reputation: Customers trust cybersecurity companies with their most sensitive data. Breaching this trust, even unintentionally, can lead to irreparable damage to a company's reputation. As highlighted by McKinsey, transparent communication about data collection and usage is crucial for maintaining this trust.
  • Legal Implications: Revealing customer information, even indirectly, can lead to legal consequences. Regulations like GDPR emphasize the importance of customer data privacy, and non-compliance can result in hefty fines.
  • Customer Loyalty: Customers value their privacy. By prioritizing their safety and ensuring that their data is protected, companies can foster loyalty. A study by indicates that strong security measures can significantly boost customer satisfaction.
  • Long-term Growth: While showcasing big-name clients can provide a short-term boost, ensuring customer privacy and security can lead to sustained growth. Happy, secure customers are more likely to recommend services, leading to organic growth.

The allure of showcasing big-name clients is strong, but the potential risks involved make it a strategy best avoided. Cybersecurity companies must always prioritize the safety and privacy of their customers above all else. In the world of cybersecurity, trust is the most valuable currency.

Wrapping Up

The world of cybersecurity is challenging, but one principle remains clear: the safety and trust of customers come first. While showcasing big-name clients can offer a temporary boost in credibility, the potential risks far outweigh the benefits. By adhering to best practices and prioritizing customer privacy, cybersecurity companies can build a lasting reputation based on trust and reliability.

Looking for a data theft, cyber extortion, and ransomware solution that outperforms the competition and will never disclose you as a customer? Give Cyber Crucible a try and get industry-leading protection from a trusted provider that puts you first.

About the author
Dennis Underwood

Dennis Underwood is a veteran, cybersecurity leader, inventor, and entrepreneur with over 20 years of experience. He is an expert at cryptography, intrusion discovery and analysis, having discovered multiple previously unreported intrusions to clients throughout his career. Currently, he is leading a team of like-minded experts delivering next generation intrusion discovery and ransomware response automation tools to consumers.

Start a free trial today

Sign up for Cyber Crucible today to protect your system against ransomware extortion.

Create an account