By Ana Sgroi

“Tell me, and I will forget, show me, and maybe I will remember, involve me, and I will understand.”

Chinese proverb

It was in the midst of the pandemic scenario that I landed in the Customer Success area at Tempest Security Intelligence, a reference in information security services. Being in a company responsible for providing cybersecurity at a time of mass digitalization, when the General Law of Data Protection (LPGD) comes into force, is, in my opinion, a unique opportunity to observe how the customer who uses this type of service is assisted. Especially in a world that depends on technology as never before. When talking about information security services, what are the characteristics of excellence in services of this nature? How to create and provide the client with a perception of value and high service standards? What is the strategy adopted to add value to the information security service? These are some of the questions that this article intends to answer.

Before that, however, I need to register that the world as we have known it has changed. And the relationships between clients and suppliers haven’t had a different fate. We have changed our communication model. We have started to see each other through virtual meeting screens. We have engaged in incessant conversations through work chats to simulate the normality that has been left behind. We’re facing an inverted world, in which we have brought our tactile and daily life into the computers and cell phones connected every day, exchanging more and more data. With each new login, there is a new possibility of data theft in this new reality. This abrupt and massive change of scenery has raised the level of concern about cybersecurity. And it all happened overnight.

In his work Marketing 3.0, Phlip Kotler (2010) already pointed out the profound impact this relationship would suffer in transforming from a mechanical world to the digital one, with internet, computers, cell phones, and social networks. But the “marketing pope’s” analysis did not include the fact that a pandemic would make this digital transformation even faster. With a highly contagious virus on the loose, we locked ourselves at home (those who could) and started accessing the outside world through apps contained in tablets, smartphones, and notebooks.

Companies that still maintained their operations based on the traditional model were pressured to reposition themselves in order to secure market share. It wasn’t just a matter of choice, in this case, but of survival. And in every sense! However, this digital transformation is not simply about the emergence of new technologies. It’s a change that demands new processes, new business models, new customer experiences through a value-adding environment. With society immersed in the digital age, companies need to respect the multiple social roles. One of the premises of the customers that have emerged from this virtual world is the care that companies must take with the data entrusted to them.

With the exponential increase in cyber attacks occurring to ever more sophisticated degrees, providing security for the customers of Internet-active businesses has become a crucial factor. Data from the latest McAfee Labs report reveals that 327 threats are discovered every minute or more than 5 per second. Corporate data and customer information are the main targets of cybercriminals. This harsh reality has struck companies with such urgency that many have understood the importance of budgeting for innovation and providing a specific and urgent amount for information security. In addition, preserving customer information and providing a secure environment have become critical issues for business sustainability.

If in the face-to-face environment it’s fundamental to listen to the client in order to strengthen and tighten the relationship with him, now, in the virtual environment, it’s essential to provide him with security as the first step in this relationship. This is yet another adjustment that must be made and whose impact is profound between producers and consumers. Kotler had also observed that there would be a transformation in consumer behavior whenever changes occur in the macroeconomic environment. We are facing precisely this scenario. We have been overwhelmed by a pandemic that has reached our global village, interconnected by new electronic technologies, as defined by the Canadian Marschall McLuhan.


According to Keller and Kotler (2006, p. 397), service provision is an activity based on delivering a promise. Such a commitment must be in accordance with the expectation of those who purchased it. To offer services is to sell performance, not objects. Thus, it’s directly related to the human factor, which we can translate into a set of attitudes (empathy, attention, communication, flexibility) and postures (discretion, elegance, sincerity, humility) able to strengthen bonds, generate credibility and cause motivation in any business relationship since people represent the companies, whose business depends on these people, their expectations, desires, habits and trends. On account of these and other characteristics, the provision of high-level services depends a lot on those people who relate directly with customers. They are responsible for customer relationship management in each phase of service production.

The intangibility of the information security service demands great communication efforts. Without buildings, furniture, decoration, packaging, or even employees’ appearance to attribute tangible characteristics to the company, clients can only look for arguments that help them develop confidence in the service offered, such as reputation, brand presence, and recommendations made by partners.

To circumvent the risk of this intangibility, companies that sell information security services invest in studies that provide in-depth knowledge of their target audience, seeking to understand what they expect from the service and then provide them with an adequate and concrete service that draws on the expectations of this customer.

Here are the main characteristics of the services:


As mentioned before, the information security service is, essentially, intangible like so many others. However, this aspect tends to be reversed as soon as a fraud is detected, and millions are no longer lost, evidencing the quality of the service. This is one of the examples in which a service, at first intangible, gains substance, becoming immediately perceptible by the customer.

The intangibility is one of the characteristics of a service that implies more difficulty in evaluating quality and results because there isn’t a sample or prototype to try to reduce any risk at the time of hiring. Thus, when researching a service, people look for indications, references, or companies’ reputations before deciding on one or another.


The consumption of services is a constant in our routine. It is present when we access an app on our cell phone to order a meal or transportation, when we turn on our smart TV to access a streaming channel, or when we authenticate on the platform to start online classes (considering that in pandemic times, Distance Education has entered our daily lives). When we turn on a light, we use a service; when we turn on a faucet, another service is there. The consumption of these services occurs at the exact moment of their production, which makes them inseparable from their producer. Thus, we cannot return a defective service in the same way we return a defective product.

Let’s take as an example the implementation of the information security process in e-commerce. People from one company (the client) interact with people from another company (service provider) to ensure the protection of the environment through constantly updated techniques, practices and tools. It’s a scenario in which a service is being produced, and other people are cooperating so that this delivery can occur. At Tempest, we constantly hold technical meetings in which we try to get to know the client’s environment. The analyst at that moment is the “face and badge” of the company, putting his competence to the test. Part of the service is produced there, with one professional collaborating with the other. Without this collaboration, without this interaction, by providing the necessary information for the production of the service, the implementation wouldn’t happen. Do you realize here how much the service depends on human relationships to be built?

At Tempest, after the purchase of any service in the company’s portfolio, the customer enters the Onboarding process – a moment of guided implementation, responsible for guiding the customer to consume the service – when another aspect occurs in which the perception of service quality will be forged. During Onboarding, all possible barriers will be removed, such as technical configurations, which could hinder or impede the client’s progress in the consumption of the service he has acquired. Upon leaving Onboarding, the customer will move on to Ongoing, the process in which he will achieve his purchasing objectives. This customer life cycle is handled by the Customer Success team with the goal of guiding the customer so that he succeeds in reaching and exceeding the purchase objectives he had when he acquired the service.

All these moments experienced by the customer, these direct interactions with employees and even before the consumption of the services themselves, contribute to the customer to start producing his inventory of the perception of the service and, consequently, of the institution.


The genesis of services are people and equipment, and it’s precisely the human component that emphasizes its delivery, which makes it difficult to be standardized. In this case, all the internal and external players interfere and affect the quality every time the production of a service is repeated. If we take a medical consultation as an example, we can notice that the conduct of the patient, the office staff, and the doctor himself can affect the quality of the consultation that will be provided at that moment, and the expected result will depend on the mood of those involved.

Just like medical services, information security services cannot be wrapped and tucked under the arm, or delivered to the client in a bag with the brand name printed on it. Nor does it have tangible aspects, since it can be offered remotely in its completeness, as there is no shipping of merchandise. What can be done, according to Kotler and Keller (2006), is to seek the reduction of risks perceived by customers. Such a result can be achieved by demonstrating the company’s competencies, making adjustments to specific customer needs about the services, investing in training, and maintaining constant monitoring of customer satisfaction.


For Lovelock and Wirtz (2006), by being an act or a performance, a service is ephemeral – transient and perishable – and, therefore, it cannot be stocked after being produced. We can perfectly well include the information security service in this category since consumption takes place at the very instant of its production and cannot be stored for later use. Even if facilities, equipment, and labor are kept on standby to create the service, these elements represent only the productive capacity, not the service to be produced. A vulnerability management service, for example, cannot be produced for later availability in the customer’s environment. The mapping of risks is done in the environment itself and with the participation of the client.


The decision to implement an information security process is not an isolated step that can be taken overnight, because, far beyond the complex technical aspects, it is essential to guide the human and organizational axis, after all, it’s not about the simple implementation of bureaucratic protocols, but the dissemination of a culture that can involve and engage all employees who access the information and data of this company. When adhering to the information security process, it’s important to clarify to everyone involved that we aren’t just facing a simple installation of controls but the dissemination of an organizational culture that will guide the institution’s routine. We are talking about changing habits that are ingrained in the daily lives of employees and that, as such, require a lot of educational campaigns.

Far from being a procedures manual, the goal of information security culture is to make all employees aware of the risks that simple acts, such as connecting a device to the network, can cause to the company’s security. It is essential that people understand their role in the information security process. The adoption of this daily practice by the employees, suppliers, and managers involved is what will guarantee the strategic effect on the business. This active participation of the client is another important aspect to be observed in the information security service. Although the client does not experience or evaluate the service before consuming it, he can follow, through orientations, requests and instructions that are passed to him, the production of something that won’t be physically delivered, but whose result can be checked through the monitoring of his environment.

Edson Fontes, in Living Information Security (Sicurezza, 2000), is emphatic when talking about the importance of the practice of an information policy in companies. According to him, just as there is an explicit or implicit HR policy and a financial policy, the information policy equally demands rules and philosophies of use. Being explicit, the security policy helps in the awareness of users because it becomes evident to everyone that there is a desire of the company’s management to protect the value of “information”. All projects and activities must be in accordance with this policy, which must be simple, very well elaborated, and even better oriented.


There can be no harvest without first having a plantation. This premise is equally valid regarding the values that we intend to transmit to the customer so that he can “root” his satisfaction in relation to products or brands. But what are the essential values that can directly affect customer satisfaction? To serve with friendliness? To empathize? Show willingness to serve? Showing satisfaction and kindness in dealing with people? Alone, these attitudes are of little value, but when added together, they make up the “mix of quality and efficient service”.

You have to be careful, however, that these characteristics are worked in the most natural way possible to avoid a robotic and superficial service, which resembles a mocking interpretation. Sympathy, for example, is an attitude commonly linked to good service, but it should be used without exaggeration so as not to be confused with sarcasm. The keyword should be “empathy,” a condition that allows us to feel what the other person is feeling in any situation. Being empathetic is not being nice. Sympathy creates emotional involvement that can impair judgment. Empathy creates efficient communication; it’s a tool that makes it possible to understand the other person, to understand what they are and what they want.

In Marketing for the 21st Century, Philip Kotler analyzes the nuances that define excellent service for each customer. He cites as an example the service in a restaurant. Some customers prefer the waiter to come quickly, take their order correctly, and bring their food right away. Other customers feel that this means trying to get rid of them quickly on an occasion that should be a nice, quiet evening. According to Kotler, all service unfolds in a list of attributes: speed, friendliness, knowledge, problem-solving, and others. Let’s understand a little more closely some of the attributes that can make up a quality customer service mix.

Friendliness. This is the warm, spontaneous feeling that one person experiences toward another, something deep and sincere, worthy of more attention. When served by an employee with genuine sympathy, the customer is able to realize how important he is.

Empathy. Quality of someone who knows how to put himself in the other’s place, who listens to and understands his neighbor. Thus, when a customer reports, through whatever channel, that they have suffered a cyberattack, it is extremely important that the employee who has assisted them understands, accepts their distress, and immediately forwards it to the responsible area, reassuring the customer about the action taken and sending them the documentation to follow up on the case.

Ability to listen. This is a skill that requires willpower. The act of listening, and not simply hearing, makes it possible to help others. To listen effectively is to know how to discern and understand the client’s message.

Kindness. A kind person is one who contributes to more harmony in the environment. They spontaneously possess well-developed and appropriate social skills. Kindness implies generosity, altruism, solidarity, interest in others. It means offering friendship, returning with kindness, promoting courtesy, teaching, smiling, and making everyone around smile.

Willingness. To be willing is to show interest in serving and attending. This characteristic is for any professional, especially those who work on the front line with the customer. An unwilling person generates complaints and dissatisfaction.

Sincerity. A sincere person is the one who expresses themselves without deception, without the intention to deceive, who is frank and willing to recognize the truth. Sincerity is fundamental in customer relations. This quality also involves having the courage to even point out to the customer the points on which he may not be making good choices regarding the use or acquisition of a service whose profile is not oriented to him.


It’s common knowledge to say that communication is a powerful tool. However, it remains necessary to highlight its importance in building bridges with the customer. In the service sector, this is even more important. Besides being the way to reach the right customer, efficient communication is also the guiding light for that same customer to renew the service and evolve in its consumption. And, with the profusion of social networks, clients and consumers are much more engaged and empowered. Any dissatisfaction with the brand can be quickly exposed on social media. Likewise, a positive review can also add relevance to the brand.

This customer is skilled in handling the virtual environment and is always willing to give his opinion about that product or service; he comments on prices, quality recommends and criticizes without blinking. He is a consumer who is used to online shopping, who researches prices and quality before making any purchase. Therefore, he is willing to pay a little more to have a better quality product or service.

Every company should pay attention to the details of the service they offer, keeping the focus on the customer, reinforcing the points in the quality of service and developing constant actions that bring quality to the environment, the service, and customer satisfaction. For all this to happen, the company needs, first, to know who its target customer is.


Identifying the target audience is important because it allows us to map their needs and expectations, both current and future. The target audience is that segment of the market that the company wants to reach. When the public is known and understood, it’s possible to create a synergy between the company and the client, and this way, better meet their needs. The identification of the customer is an action that doesn’t occur only on the company’s part. It is carried out at every point of contact that the collaborators have with this customer, and, based on that, this relationship must be strengthened.

The Swedish consultant Richard Normann attributed great importance to these interactions with the customer, treated by him as “Hours of Truth”, that is, situations in which the customer interacts with the company and obtains a quality impression. Every moment of meeting with the customer is important for the company to get to know him better and, as a result, keep him satisfied. Next, we’ll see some basic traits that allow us to identify the types of customers.

Emotive. Very sensitive, emotionally needy, sentimental people who try to involve and take a lot of the attendant’s time. They expect an affective relationship, with a reinforced dose of empathy, they like to be called by their name repeatedly, so they feel that their feelings were understood along with the guarantee of a solution to the problem.

Rational. These are people who argue, have strongly rational criteria, reality data, objectivity, and present facts and details. With these people, it’s necessary to know in detail all their needs, have agility and quick thinking, and avoid expressions like: “I think that…”; “I believe…”; “it is possible that…”; “I am not sure…” etc. Convey as much knowledge and credibility as possible.

Talking. He talks too much and gets lost in the issues, is prolix and will try to get the most attention and time from the person who attends him. With the talkative, you should avoid getting caught up in his stories. Give your full attention, courtesy, and solution, yes, but managing the time and arguments.

Quiet. These are more introverted people who have difficulty communicating and expressing themselves verbally. They are afraid of exposing themselves; they just grumble and are monosyllabic. With this style of client, you should ask a lot of open questions, questions that require long answers and that make the person expose his point of view, providing positive feedback whenever possible.

Innovative. This type of customer believes that the people who attend him have an obligation to know everything and provide information about things that have nothing to do with the service he provides; he expects to always find a source of news. In this case, highlight a subject that you master about the service and make it clear that you can offer valuable information in this area of knowledge.

Negotiator. The negotiating customer seeks reassurance that they are getting some extra advantage from the purchase. To serve them, you have to be helpful and show them the benefits of the service being sold; be flexible in your proposal, but don’t give in easily to avoid mistrust.

Formal. These are people who are very attached to formalities labels, with strong moral prejudices. With these clients, the most assertive attitude is to pay attention to the language, the tone of voice, the speed and elegance when speaking and gesticulating, the choice of words that are within the client’s interests, in addition to objectivity.


There is a lot of talk these days about delighting the customer. Due to the increase and specialization of the competition, keeping the customer satisfied is no longer enough to ensure brand loyalty. The customer wants an outstanding experience when acquiring a product or service, and this goes far beyond simple satisfaction; the direction of this relationship with the customer is continuous enchantment. To enchant is to make a good impression, to surprise, to involve, and to offer an experience far beyond their expectations. The focus on customer satisfaction must be oriented to discovering the customer’s needs. They want efficient service, whether buying a product or service or in their needs to answer questions and seek information.

The digital revolution has played and will continue to play a key role in delivering customer satisfaction. Every day new ways and means of collecting and analyzing data emerge, which has broadened the possibilities and methods of this measurement. Today’s consumer, immersed in the social networks, well informed and aware of his rights and duties, demands excellent service and quality products. In his active role, he will no longer let the companies call the shots. He now has the power to end a business in a click, and companies need to be attentive to, along with their products and services, deliver a remarkable experience.


Focus on the customer

Ever since companies took the focus of marketing actions away from products and began to orient them towards customer knowledge, a constant search for improving and enhancing the customer experience began. Today, companies widely use their communication channels with the public to collect the highly valued customer feedback. And with this action, they not only seek to know better the desires of their customers but above all, to measure the level of their dissatisfactions. Engagement metrics are very powerful and useful in this sense. But it will do no good to collect numbers and data and then leave it on the company’s computers. Customer dissatisfaction can only be worked on and reversed when a service culture that involves the whole company is implemented in order to offer exclusive treatment to this public.

Faced with a communicated dissatisfaction, the client should not receive the classic answer “these are company standards”. He doesn’t deserve a rigid and robotic service. An attitude of commitment and responsibility must be assumed. In moments of crisis, one must show the customer that he is important to the business and involve him in an atmosphere of attention, comfort, and courtesy; analyze the situation that has been brought to him and look for the service history; and, through the related delivery, try to find out at what point of contact that standard wasn’t maintained.

Another assertive attitude is to guide the customer’s behavior towards an attitude of respect. Make him realize that without balance on both sides, there will be no consensus.

How to act when facing complaints

The complaint that comes from the customer must be very well managed because it’s a direct information that indicates that a certain service needs to be improved. The customer who complains is informing that the service provision did not meet his expectations, and he wants to be valued. An illustrative example is the one who complains about the constant delivery of a service consumed on a monthly basis, for example. Recurrent delays in the delivery of services generate a climate of dissatisfaction that is difficult to manage. If a client waits every Friday for a vulnerability report, there is a reason for him to request this date, and the team must put maximum effort into the delivery. If there is a delay, the customer should be notified in advance. Welcoming complaints and suggestions can be a sure way to correct flaws in certain areas of the company, such as detecting employees who do not act in accordance with the established conduct, seriously jeopardizing business performance.

Turning complaints into opportunities

Complaints must be treated seriously and, above all, without bureaucracy. It can’t be exhausting for the customer to formally register his complaint. Managing a complaint with agility means being able to use it quickly in the continuous improvement of customer satisfaction. This management represents an opportunity to strengthen ties with the customer. It is a unique moment to strengthen a relationship that is difficult to conquer and, even more, to maintain.

Hearing or receiving complaints doesn’t have to be a stressful obligation but a stimulating and challenging one. Without complaints, there is no way to detect and treat the dissatisfied customer. A consistent complaint should be interpreted as a fault and, as such, should be corrected. Remember: a bad service is engraved longer in the customer’s memory than a perfect, flawless service. Therefore, it’s necessary to anticipate the situations that are likely to fail and avoid disastrous consequences. In any case, the recipe is to act quickly and efficiently.


ALVES, Sarah. Vazamento expõe 8,4 bilhões de senhas e pode ser o maior da história. Available at 2021.

AMORIM, Yuri. A tríade da segurança: Confidencialidade, Integridade e Disponibilidade. Available at

CARVALHO, Flávio. O mercado de segurança da informação no Brasil. Available at 2013.

COBRA, Marcos. Administração de marketing. 2. ed. São Paulo: Atlas, 1992.

CHIAVENATO, I. Introdução e teoria geral da administração. 7. ed. Rio de Janeiro: Editora Campus, 2003.

______. Administração nos novos tempos. 2. ed. rev. e atual. Rio de Janeiro: Elsevier, 2004.

CHURCHILL, Jr. Gilbert A; PETER, J. Paul. Marketing: criando valor para o cliente. São Paulo: Saraiva, 2003.

DIAS, Sérgio Roberto (Coord). Gestão de marketing. São Paulo: Saraiva, 2003.

DURBANO, Vinicius. Segurança da informação: o que é e 12 dicas práticas para garantir. Available at 2018.

ELTZ, Fábio. Qualidade na comunicação: preparando a empresa para encantar o cliente. São Paulo: Casa da Qualidade, 1994.

FANTINATO, Giovana. De novo: vazamento expõe dados de 223 milhões de brasileiros. Available at 2021.

FONTES, Edson. Vivendo a segurança da informação: orientações práticas para pessoas e organizações. 1. ed. São Paulo: Sicurezza: Brasiliano & Associados, 2000.

GIGLIO, Ernest. O comportamento do consumidor. 2. ed. São Paulo: Pioneira, 2002.

GODRI, Daniel. Conquistar e manter clientes. 32. ed. Blumenau: Eko, 1994.

______.Administração de Marketing: análise, planejamento, implementação e controle. 5. ed. São Paulo: Atlas, 1998.

KOTLER, Philip; ARMSTRONG, Gary. Princípios de marketing. 7. ed. Rio de Janeiro: Prentice-Hall, 1999.

KOTLER, Philip; HERMAWAN Kartajaya; SETIAWAN Iwan. Marketing 3.0: As forças que estão definindo o novo marketing centrado no ser humano. 4. ed. Rio de Janeiro: Elsevier, 2010.

KOTLER, Philip. Marketing para o século XXI: como criar, conquistar e dominar mercados. 14. ed. São Paulo: Futura, 1999.

LAS CASAS, Alexandre Luzzi. Marketing de serviços. São Paulo: Atlas, 1991.

______. Marketing de serviços. 3. ed. São Paulo: Atlas, 2002.

LATTARO, Alex. Uma breve viagem ao desenvolvimento da Segurança da Informação – Passado, presente e futuro. Available at 2016.

LOVELOCK, Christopher; WIRTZ, Jochen. Marketing de serviços:pessoas, tecnologia e resultados. 5. ed. São Paulo: Pearson Prentice Hall, 2006.

MARQUES, João Paulo Haddad. O papel da comunicação no relacionamento com o cliente. Available at 2017.

MITNICK, Kevin D. SIMON, William L. A arte de enganar. 1ª edição. Pearson Prentice Hall, 2006.

NEO ASSIST. Kit – Satisfação do Cliente. Available at 2017.

PERRIN, Chad. The CIA triad. Available at 2008.

RIBEIRO, Julio. A imagem corporativa e o poder das virtudes invisíveis. Available at,,EDR84402-8373,00.html. 2020.

SCHWAB, Klaus. A quarta revolução industrial/Klaus Schwab; tradução Daniel Moreira Miranda. – São Paulo : Edipro, 2016.

SILVA, Denise Ranghetti Pilar da. STEIN, Lilian Milnitsky. Segurança da informação: uma reflexão sobre o componente humano.  Available at 2006.

SILVA NETTO, Abner da. SILVEIRA, Marco Antônio Pinheiro da. Gestão da segurança da informação: fatores que influenciam sua adoção em pequenas e médias empresas. Available at 2017.

UNDER. Gestão de vulnerabilidade: entenda por que é essencial. Available at 2020.