No Hidden Costs: How Black Kite Redefines TPRM Solution Pricing

Written by: Bob Maley, Chief Security Officer and Johnathan Bald, VP Sales

Recently, in The Forrester Wave™: Cybersecurity Risk Ratings Platforms for Q2 2024, Black Kite earned a perfect score of 5 in “pricing flexibility and transparency.” By comparison, runners-up received scores between 1-3. 

We’re excited to see this strong recognition of our pricing model because we believe that a straightforward pricing model in the security rating services (SRS) industry can make all the difference. A simple, transparent pricing model means more cost certainty and way less rebudgeting for your third-party cyber risk management initiatives. By contrast, a convoluted pricing model makes it challenging to fully leverage the third-party risk management (TPRM) solutions on the market today, as it requires teams to keep increasing their spend to unlock key modules.

Security Budgets are Tighter Than Ever

Most of today’s CISOs have found themselves constantly evaluating whether their security spending aligns with their security strategy. Many must work with the same or lowered budget but do more with these limited resources. Most significantly, many of them must secure new technologies and initiatives such as AI — often without added funds to do so.

As a result, today’s CISOs are more picky than ever about the vendors they choose (and rightly so!). While they want to ensure that any tool directly fulfills their organization’s needs, they also look for a level of trustworthiness in the vendor relationship. Even if a vendor provides an exemplary product, this level of trust can be broken if the platform keeps a critical feature behind a paywall or a few unexpected line items appear on an invoice. Today’s CISOs can’t afford these surprise costs, especially because many companies’ budget cycles only come around once a year. The world of TPRM is no exception to these rules as teams look to secure their increasingly complex cyber ecosystems.

Our TPRM Solution Pricing Helps Improve Cyber Safety Across the Globe

At Black Kite, our mission is to improve the health and safety of the entire planet’s cyber ecosystem, and we don’t want our pricing to stand in the way of that. We understand the frustration of being caught unaware by unexpected costs and therefore unable to take full advantage of everything a solution has to offer. So when we laid out the pricing model for our TPRM solution, we intentionally chose not to fall into any of these common tricks that hold CISOs back from successfully securing their cyber ecosystems:

Pricing Trick #1: Hiding key features behind a paywall

Most of us who work with SaaS products for some aspect of our business or personal lives understand the annoyance of getting into a great product only to discover that a game-changing feature is behind a paywall. The world of SRS is no exception. Some of these products have modules that could save countless hours and resources when activated. For example, our platform offers several features that replace the time-consuming and hard-to-manage process of parsing vendor questionnaires. If we followed the general industry pattern of putting these types of powerful features behind a paywall, businesses would have to shell out more money to use our platform to its full potential.

What Black Kite does instead: Our pricing and packaging model focuses on offering a full-featured product. In other words, we don’t hide capabilities behind paywalls. We offer two tiers — standard and enterprise — and our prospective customers find out upfront what each one contains.

Pricing Trick #2: Requiring customers to pay for onboarding services

Some cyber risk Intelligence companies also charge extra for crucial onboarding services such as employee training and product implementation. In many cases, the vendor must be involved in the onboarding to tune their tool for the organization’s specific environment and integrations. So, organizations usually must purchase these services. However, when onboarding entails additional costs, CISOs must go through two contract approval processes — one for the onboarding services and another for the product purchase itself.

What Black Kite does instead: We understand that onboarding is essential to success with a new product. So, we include critical setup tasks such as onboarding, enablement, configuration, and environment tuning with each of our two pricing tiers at no additional cost.

Pricing Trick #3: Charging additional costs for every new user.

In addition, it’s common to see SRS companies charge their customers whenever they add a new user. Essentially, this pricing model penalizes your business for growing or adding more users. This can be frustrating in TPRM because in many cases, both business- and security-oriented roles must view the platform to make data-driven decisions about vendors. However, sharing critical information about each vendor’s risk profile is challenging when you must pay a premium to add more users.

What Black Kite does instead: We understand that business and security leaders need to access a centralized platform in order to make informed risk decisions. So, both tiers of our platform allow unlimited users at no additional cost to drive more value for your business.

Quantitative Business Value with Black Kite

In addition to our high score in the “pricing flexibility and transparency” category in the Forrester Wave, we’re also proud to have scored among the top three providers in the market. This score reflects not only our upfront pricing model but also our product’s stand-out capabilities in usability, analytics, compliance, technical depth and threat intelligence.

Along with the transparent pricing choices we’ve made in our pricing model, we also tie security back to business value by using the Open FAIR^TM model to quantify risk by potential costs. All in all, we want to make third-party cyber risk management an easy sell for CISOs to make to their leadership teams. Then, we want to keep delivering that value by thoroughly and accurately quantifying and monitoring third-party cyber risk. We give your business all the tools and features needed to stay in control of your cyber ecosystem’s security. 

Check out The Forrester Wave™: Cybersecurity Risk Ratings Platforms for Q2 2024 to learn more.