On this page: Opportunity | Solution | Impact
The Opportunity
A new way to source cybersecurity
Cyberattacks are on track to cause $10.5 trillion a year in damage by 2025. In their efforts to fight back, business leaders face complex choices. Their own security environments likely use technology sourced from multiple vendors and when they look to the market, the choices are paralyzing: more than 7,000 providers globally are vying for their attention. While there are hundreds of system integrators reselling solutions, finding independent advice without hidden interests is rare.
“Ransomware attacks pose an existential threat to small- and midsized companies. Building up the right protective shield can be overwhelming for them. The result is lots of money spent in panic on cyber tools that do not meet their needs,” says McKinsey partner Wolf Richter. “The Bosch CyberCompare team saw that pain point—and moved to do something about it.”
Why should every organization start from scratch when purchasing cybersecurity, instead of building on good practices and benefitting from platform effects?
The subsidiary of Germany-based multinational engineering and technology company Bosch wanted to offer businesses a new way to source cybersecurity, without a hidden incentive to sell expensive solutions or services.
Leaders envisioned an independent and trustworthy B2B platform built on the experience of hundreds of companies across industries and public sector institutions. It was originally intended to bring cybersecurity to a particular audience: manufacturing companies in Germany and Europe that increasingly rely on connected machines to run their business.
This would become CyberCompare, a digital platform augmented by advisory services, built with McKinsey, that helps leaders get the cybersecurity they need.
The Solution
The power of human judgement augmented by AI
Working with McKinsey's Leap business building experts, Bosch built a unique database. The foundation for CyberCompare’s knowledge platform and cybersecurity marketplace was supported by proprietary data and an AI-based matching algorithm.
The platform draws on the experience of more than 450 enterprise customers across all business sectors as well as public entities like airports, utilities, hospitals, and city administrations. Tenders can be run anonymously without exposing to the public where customers need help. More than 1,000 security quotes across all categories enable a unique benchmarking of price and performance.
“Why should every organization start from scratch when purchasing cybersecurity, instead of building on good practices and benefitting from platform effects?” says CyberCompare CEO Jannis Stemmann. “CyberCompare offers the opportunity to get the project completed faster, with lower risk, for a lower budget, and with better outcomes.”
The platform offers three products and services: a diagnostic of cyber risks, customer-specific market studies for cybersecurity, and complete request for information and request for proposal services including requirement specifications to technically and commercially compare security offers.
CyberCompare connects customers to suitable providers and anonymously runs tenders for companies to ensure their cybersecurity needs remain confidential. It can also benchmark quotations technically, along service level agreements, and commercially.
“Bosch CyberCompare made a big effort to learn about what cybersecurity threats had to be covered effectively and cost-efficiently,” says McKinsey partner Jerome Königsfeld. “They then focused on how to bring this knowledge to companies and public sector entities with similar problems.”
CyberCompare does not have any reselling contracts with vendors and security service providers, eliminating commissions, kickbacks, or fees paid by vendors to ensure customer interests come first. “CyberCompare is offering a unique and valuable service to external customers and Bosch units,” says Bosch Group chief cybersecurity officer Christoph Peylo.
Over time, the value proposition has evolved. CyberCompare scaled the business from initially serving medium-sized companies with smaller cybersecurity diagnostics to implementing and rolling out cybersecurity solutions internationally for public sector entities and blue-chip companies.
CyberCompare offers a diagnostic of cyber risks, market studies, and complete RFI and RFP services, connecting customers to providers and anonymously running tenders to ensure cybersecurity needs are confidential.
The Impact
Reliable B2B cybersecurity sourcing
With support from McKinsey, CyberCompare moved quickly from inception to proof of concept, enabling the business to begin generating revenue within its first two months. Since launching, CyberCompare has connected customers with global providers of cybersecurity solutions and has expanded to other European countries.
CyberCompare’s knowledge platform and cybersecurity marketplace led to the onboarding of more than 450 customers across all sectors, including some of the largest enterprises in Germany, Switzerland, and Austria.
There is no one-size-fits-all approach to cybersecurity.
“On the customer side, the European platform is helping solve for the lack of reliable and trustworthy B2B cybersecurity sourcing, especially for large enterprise customers and public sector entities with complex security requirements,” says McKinsey senior associate Leo Leypoldt.
Customers are given a price guarantee that they won’t find the same security solution or service for a lower price, saving them an average 20 percent in cybersecurity spending.
“There is no one-size-fits-all approach to cybersecurity,” says CyberCompare chief technology officer Philipp Pelkmann. “As a truly state-of-the-art platform, we are excited to grow the brand and offerings to a wider base of businesses.”