Hervé Tessler – ‘Cyberattacks can mean total reputational death’

Noventiq president Hervé Tessler on how SMBs are increasingly aware of the damage done by cybercriminals and why IT leaders are bringing in outside experts

Noventiq, previously known as Softline, was originally a Russian company. It started to expand into emerging markets with 50 per cent of its revenue eventually coming from its home territory and the rest coming from emerging markets. However, due to the war in Ukraine, Softline decided to separate into two entities: Softline retained its brand in its home Russian market and relaunched as Noventiq internationally. Noventiq is focused on offering software and services, including cybersecurity, into emerging markets.

Softline began a major software licensing provider for Microsoft. However, over the past three to four years, it pushed into offering high-value offerings and services including cybersecurity. The company has both pushed into new emerging markets, including Saudi Arabia, Singapore and Bahrain, and has also acquired other IT providers, such as Bangalore-based cybersecurity specialist Value Point Systems in India and Seven Seas Technology in Dubai. Its goal in 2022 has been to open offices in 10 new countries. And although it continues to be a Microsoft partner, it is also working with new vendors including Amazon, Google, Apple and Cisco.

Today, Noventiq works with 75,000 customers in 60 countries in what has become a billion-dollar business. Clients include Orange, Hell Energy, Olympus, Nissan, e-on and Cambodia Airport.

Hervé Tessler was appointed president and COO of Noventiq in April 2022. He left France almost 20 years ago and worked for all of his career up to Noventiq at Xerox Corporation. Over the last decade at Xerox he was in senior operational roles, especially in developing markets such as Brazil. Between 2014-2017 ran corporate operations in the USA including IT, R&D and corporate accounts.

A lot of his time in America was spent spinning off its business process arm, which rebranded as Conduent. He stayed on at Xerox as executive vice-president of international operations, which included Western Europe and the developing markets, and moved back to the UK in 2017.

In 2020 he moved back to France just before the Covid pandemic and had a year spent at home with his family. He worked as a senior adviser for a Boston-based US private equity firm Advent International.

A self-described globetrotter, Tessler reckons he has changed roles and even continents every two-and-a-half years.

How has the cyber threat landscape changed since you entered the IT world?

When I joined the business 33 years ago, nobody ever talked about cybersecurity. I don’t recall the word. Everything was physical: what if somebody’s gotten into my flat or I’m afraid someone’s going to take my car, attack me in the street to take my watch or my wallet or whatever. Obviously, the world has become much more digital. All these fears and threats became digital. What I would say over the past few years is that we’ve seen a massive amplification of risk.

Large companies have a board and an IT group under the board looking at cybersecurity. They take it very seriously. They are scared to death of any brand damage. They are relatively focused, which is not the same as being well equipped. What I’ve found out over the last six months is that more and more small and mid-sized businesses are paying a lot more attention to cyber. When I open the newspaper, there’s not a day without a small story about a major cyber negative impact on a business. There was a recent cyberattack on a French hospital that sent them back to the Middle Ages – it lasted for months. Of course, SMBs taking cybersecurity seriously is an opportunity for us to help them with this threat.

My feeling about cybersecurity is that it’s always chicken-and-egg. Remember when everybody had car alarms fitted and they were always going off and it was a nightmare, right? Then alarms grew more sophisticated. It’s the same thing with cybersecurity. The bad actors are leapfrogging the Big Tech experts, who then improve their solutions to prevent a cybersecurity breach.

Is the war against cybercrime one which can ever be won. Or does the nature of the cybercrime was keep changing?

What I think is that it’s going to be a never-ending race. We will have to keep running. We will have to keep providing extremely sophisticated solutions to avoid the next disaster and the race will never stop. It’s not like you can quit running the marathon.

What trends are you seeing in cybersecurity when it comes to SMBs. Some smaller businesses will think, I’ve got antivirus software, that’s going to be enough.

I think SMBs are moving from what you just described, which is a kind of a transactional business. They’ve gone beyond buying a piece of software and thinking, I’m safe. I’ve bought software and ticked a box. They’re really moving on to the need for ongoing help, they need subject matter experts. They understand that configuring one piece of software from three years ago not going to keep them safe. They’re ready to pay for cyber because it’s expensive to add a consultant who can help them understand from where the threat can come. They understand they can’t do it on their own with a one-size-fits-all solution and they need subject matter experts.

What would you say to a head of IT for an SMB, who has to go to his boss and say, ‘Look, cyberattacks are evolving. We need to bring in outside experts but it’s going to be expensive.’ Many chief executives see cybersecurity as just a sunk cost. Like insurance, it doesn’t grow the business, so they’re resistant.

You need to go in to see your CEO and give them facts. “In our given industry, in the last six months, these three companies were all attacked, which cost them millions, and sometimes much more than that.” Sometimes total reputation death. I would go in with industry-specific, concrete examples of businesses which have faced a major security breach. Now we can find them unfortunately.

And then it’s a business discussion. It’s his responsibility to compromise. The CTO will have to make difficult decisions with trade-offs and on how best to use their budget. But cybersecurity should be on top of their list.

How much of Noventiq’s time is spent on education and educating staff? Do you think cybersecurity training should be made compulsory?

About 30-40 per cent of our time is spent on education and training with customers. The good news is that SMEs are acknowledging something is going on with cybersecurity. It used to be that we needed three hours to engage with SMEs to make them understand; now it’s an hour because they have a basic understanding.

I do believe cybersecurity should be mandatory. Most companies have compulsory training around compliance and ethics. But cybersecurity should be part of that, where each and every single employee should have a minimum level of understanding and knowhow. You need to kind of scale it and say any company above X number of employees should have compulsory training.

More Tech Leader Q&As

Jake Moore – deepfake is the next weapon in cybercrimeESET cybersecurity specialist Jake Moore on what safeguards every business should have to combat cybercriminals, how CTOs can make their job easier, and why deepfake video is the next front in the cyberwar

Clive Humby – data can predict nearly everything about running a business – Clive Humby, inventor of the Tesco Clubcard, on ways to stop feeling so overwhelmed by data, how to convince your CEO of its importance, and why data should look forward and not backwards

Tech leader profile: how the CMA uses data to protect us – Most consumers are unaware of how they are being manipulated when they buy things online, whether that’s skewed results on search or opaque pricing. The CMA is the consumer champion when it comes to digital. Yet its work also extends to tech business mergers, investigating algorithms and, increasingly, how Web 3.0 will affect all of us

Tech leader profile: business use cases for 6G – What are the business use cases for 6G? Given how spotty network coverage is for 5G, do we even need a next-generation cellular network? Alan Jones of Blu Wireless explains how cellular networks have evolved, and why 6G will be crucial for the metaverse

Avatar photo

Tim Adler

Tim Adler is group editor of Small Business, Growth Business and Information Age. He is a former commissioning editor at the Daily Telegraph, who has written for the Financial Times, The Times and the...