you will never hear from your gold-mine potential customers
Did you ever wonder why big enterprises leverage their supply chain, meaning they demand, in the form of an ultimatum, that you as a supplier hold certain certifications such as ISO 27001 or they will not work with you, while smaller companies never do that?
Because big enterprises always have an alternative: they can choose other suppliers, they can wait, delay the product release, they have room for mistakes. Smaller companies don't, and this is why they always choose the much safer option right now. They always choose the suppliers who already have the product or services certified and proven, and they always choose the company that already has the certifications. They will not say to you:
Oh, your product is great! But can you give us more security or quality assurance? Can you get the ISO certification? We will wait!
If you think like that, wondering why those customers choose your competitor instead of just asking you to get certified (because you could! You just never had a real reason to do that!), think again!
No one will risk releasing a product based on your promises to get certified "soon," or services based only on your word that "everything is secure" and "we take security seriously." No one ever trusts that without third-party validation. If you don't have it, it means you don't take it seriously and it's just words to you.
Bigger companies can wait and announce their requirements because they always have alternatives, and they can work with them for years until you decide to get certified. Smaller companies always choose already certified suppliers, even if they never say it to you.