case studies

Humankind: When it comes to cyber risk management…it’s personal

by

About Humankind

Humankind is a pioneering SaaS company offering “conversational commerce,” a digital concierge platform that provides a 1:1 interactive, conversational experience for retail shoppers online—with a real person. Rather than chatbots, shoppers engage with personal advisors in real time via SMS—both during the initial shop and later on, with ongoing recommendations and reminders.

For example, REN® Clean Skincare uses Humankind technology to provide a “dedicated licensed esthetician” and asks customers to complete a skincare profile and upload a makeup free selfie to get the relationship started. “You’re gonna love this new way to shop,” Ren’s welcome SMS says, “because we do all the work.”

“The beautiful thing is that you build this trust quotient with the customer before, during, and after a purchase,” says Amit Masaun, Humankind’s Vice President of Engineering. “After you send a recommendation and they buy it, you can follow up, saying, ‘Hey, I’d love to share a really good skin care routine with you.’ You can then walk through their products and help them further. People really appreciate that post-purchase touchpoint.”

Established in 2021, Humankind’s client base includes 11 major retailers, among them Saucony running shoes, the Wine Enthusiast furniture, and Olaplex haircare—companies that pride themselves on a personal touch.

The Business Challenge

“As an early-stage startup, we didn’t necessarily think of being cyber compliant and doing those things up front,” Masaun says. In that way, Humankind is typical. For small startups, particularly in the SaaS arena, cyber security is not first on the To Do list—falling somewhere below recruiting investors, product development, and pursuing sales. More established small and medium-size businesses also tend to table it. In fact, though 88% of small businesses surveyed feel they are at risk of a cyber attack (according to the SBA), as few as 20% have a cyber risk management program in place.

Success can bring the issue to the forefront, however. More and more enterprise clients are asking their existing and prospective vendors, contractors, and partners about the status of their cyber security efforts. And they won’t close a deal without it.

For Humankind, the business challenge can be summed up in a single question—from a potential enterprise client that was willing to say “yes, if…”:

“Do you guys have a security compliance program in place?”

In that moment, Humankind found itself in the same position as many SaaS vendors, contractors, and partners. It had a product poised to disrupt an industry. It was in talks with an enterprise client that seemed eager to make a deal. The self-described “scrappy startup” saw not just necessity but possibility in the client’s question.

“Not yet…” was Humankind’s response. And then they got to work. With the client’s “big, scary” security and compliance questionnaire in hand, Humankind went in search of a partner that could get them—and their client—to a yes.

For Humankind, the question prompted a process that any SaaS company would eventually need to pursue. “What better time to start than now?” Masaun recalls thinking. “We figured we’d use this as an opportunity.”

The fact that we get a virtual Chief Information Security Office (vCISO) as part of that package is phenomenal. We get great dedicated direction as to what to do next and what are the highest priorities for us, and that’s been huge.

Amit Masaun

VP Engineering, HumanKind

The Trava Solution

To “get to yes” was a daunting prospect, given the details requested. Humankind sought more than just an automated assessment platform without follow-up such as interpretation and prioritization. Humankind as a company was all about high-touch service. In the world of cyber security management, that led them to seek an ongoing relationship with real-time guidance on assessments, mitigation, and ongoing monitoring. In short, what Humankind wanted was a human—or a team of them—that could work in true partnership with their team.

And that’s exactly what they got. “Trava takes a hands-on approach,” Masaun says, with a comprehensive program including initial assessment, prioritized mitigation, and ongoing monitoring cadence.

But there was one more element that made it a perfect match: “The fact that we got a virtual Chief Information Security Officer (vCISO) as part of that package was phenomenal,” Masaun says. An open dialogue and biweekly check-ins help take some of the mystery out of cyber security. “I get some great dedicated direction as to what to do next and what are the highest priorities for us, and that’s been huge,” Masaun explains. “And when a client inquires, Jim is always happy to jump on a call with somebody and let them know what our path is. That really seems to make folks happy.”

With documentation stored on Trava’s proprietary platform and updated at a regular cadence—and actual humans to guide the process—cyber risk management has become a matter of course for Humankind. 

Meeting the documentation requirements of that first client set Humankind up well for subsequent requests, shortening the time between a negotiation and signed contract—a good lesson for other SaaS companies eager for enterprise clients.

In fact, since that first enterprise client inquiry, Humankind has signed contracts with a number of large companies. “Now,” Masaun says, “we’re able to tell them that, yes, we do have a plan in place.”

And if they want to talk to Humankind’s vCISO, he’s just a phone call away.

Words of Advice

For startups, don’t wait. Within 12 to 18 months of launching your business, start thinking about adopting a cyber security policy—sooner if you get a client request. You read about cyber attacks and data breaches every day. Be proactive about protecting yourself against being the next person in the news and losing face with customers or potential customers.

    Questions?

    We can help! Talk to the Trava Team and see how we can assist you with your cybersecurity needs.