What clients are usually looking for

When purchasing services from a digital agency, customers are obviously looking for a return on investment.
Normal expectations are on strategy, creativity, performance, return on investment. Whether it is about promoting a new product, increasing loyalty, or attracting new consumers, the client is looking for real and measurable results.

Data collection is always as important as before, and much bigger. We can see this with the “big data” trend, collected data has a very high value, since it helps big brands developing new consumer profiles and studying behaviors.

web application security statistics illustration

Risks are increasingly being taken into account

The first thing web security makes people think about is this big amount of data being collected without any limit, from the simple email address to the complex qualification questionnaire. This data is an easy and very profitable target for people selling them on the black market. An of course privacy is a big concern for consumers.

However the #1 nightmare of big companies is not on the data itself, but on potential damages caused to the reputation of their brand.

Risk Management

In fact, risks websites are facing vary greatly:

  • data theft
  • website defacement
  • bad content pushed on the website
  • accounts hijacking
  • espionage

But whatever the threat is, the brand reputation will be affected, especially if the attack is making headlines.

Starting with big brands

Domino’s Pizza, eBay, Apple (to mention well-know companies only) are making the headlines of newspapers or online press, reporting some interesting information about the damage caused by the attack, or the volume of stolen data. A simple search on Google with “has been hacked” will give you some names of recent victims.

Big bosses do not want to see their brand expanding the list. Some agencies are therefore forced (by their clients) to perform vulnerability scans or security audits, to mitigate risks as much as possible. When you know that out of 5 web applications, 4 have at least one critical vulnerability, the scan results are sometimes very painful for agencies.

Small websites are not immune

Big brands are a well-known targets, obviously because they are very popular and everyone talks about them. But a lot of other websites are quite often targeted, for diverse motivations : football clubs, political parties, specialized press websites, video games sites… no one escapes it, even small personal websites.

Agencies are adapting their offer to the context

Cyber threats have been here for a while, but are increasingly mentioned and are now a point of concern.
In order to deal with the reality and quite often to enhance their image, some agencies and IT providers start suggesting “security audits” or “security tests” to their clients, as an option.
This security audit will complement the web application development tasks once finished, and ideally before the website goes live.

security compass illustration

Some companies developing websites and mobile applications contacted us to add this option to their proposals, and it appears to be more and more expected from their customers, who are aware of digital risks.
Considering that performing such a security audit on a website remains quite a particular service for which agencies do not necessarily have skills, outsourcing it seems to be a logical choice.

Their customers are now aware of risks related to web security, and appreciate the fact that agencies care about their brand reputation and, more broadly, about their projects. An additional that makes sense within today’s context.