Security marketers are all battling to differentiate the problem they are solving and how the solution or service they provide helps to solve that problem better than anyone else. Driving home this latter point isn’t always easy given how crowded the enterprise security stack is today.
According to CSO, the average enterprise organisation has 75 security products deployed on their network and even more alarming is that 20% of global employees would sell their credentials, rendering most of these security products utterly useless. This combined with Cisco’s finding that 53 percent of organisations receive more than 10,000 alerts a day, it becomes clear just how chaotic it is to make your mark in security.
And yet, these products aren’t doing their job. In 2019, for instance, the FBI told 3000 businesses that they had been hacked… and they had no idea until they were notified. One 2017 Clark School study at the University of Maryland showed that there was a malicious hacker attack every 39 seconds.
Given these findings, it’s safe to say that the overall cyber market dynamic is predictable only insofar as it is unpredictable. In other words, the one and only constant is that enterprise risk is growing exponentially with no signs of abating. New hacking tools are ubiquitous, easily available, and boast near-certain anonymity, whereas the bounty of information or records that digital attackers want to steal continues to grow more than 30 percent per year.
As cybersecurity marketing goes, clarity and differentiation are harder today than they were ever before. This year, there were 280 exhibitors at Black Hat USA; the number was even greater for the RSA Conference at 700. Those vendors’ products more than likely fell into one of the (only) five main cybersecurity marketing categories identified by Allied Market Research: identity and access management (IAM), infrastructure security, governance, risk, & compliance (GRC), unified vulnerability management service offerings, and data security and privacy.
Walking the floor at these events is undoubtedly noisy and be more than a little frustrating, as each vendor kind of sounds like they do the same thing. This all begs the question: do we know who we’re marketing to, and how do we tell our story to those potential clients?
To whom are we marketing?
Certain companies do target their marketing campaigns to certain regions or verticals. But leaving aside those parameters, we’re all ultimately marketing to organisations that have aligned their budgets to their security needs. Reaching this point has required some substantial effort on their part.
As identified by WeSecureApp, these organisations figured out their goals and current security capabilities. They then evaluated whether their current technologies complement their current workflows and processes. Using that analysis, the organisations crafted a budget for the new applications, devices, and technologies they wanted to adopt over the next year that reflected the security function they wanted these assets to fulfill.
To craft an effective marketing strategy, it’s important to understand that these potential clients ask themselves lots of questions pertaining to their security posture. WeSecureApp specifically mentions how many take the time to figure out what they’re trying to protect and why as well as to measure their risk appetite. With those baselines in place, they craft a budget that closely aligns with their security strategy. No one wants to spend money unnecessarily, after all, which is why those to whom we really want to market our products endeavor to know their security priorities inside and out.
WeSecureApp expands upon the value of such self-reflection. "The bottom line is: it is all about your level of readiness," the company adds. "When we talk about “readiness” it is not about how much you spend on controls, but how good your controls are at defending your organisation. Once you get an understanding of the correlation between your readiness and what you are spending, then you can have deeper discussions on budgeting and performance ratios."
How to tell your story to clients
Despite the above discussion, readiness doesn’t always paint a clear road to any one solution. Many vendors operate in the same cybersecurity space, which is why we need to be careful about the story that we tell to clients.
What should this story look like?
Yes, you should highlight what sets your technology apart from other vendors. But everyone is doing that in their marketing, so you need to take it a step forward. What you need to do is frame your solution in terms of trust. As noted by Andrew Burt for HBR, clients need a solution which they can use not only to prioritise their own data privacy and security initiatives but also demonstrate their commitment to these efforts for their customers. With their ideal solution, clients can be completely honest about the digital threats confronting their customers and specify exactly what they’re doing to keep their customers safe.
By framing the message in terms of keeping their customers’ trust, you empower your clients by giving them the agency they want and need. Not only that, but you show them how your product can serve their business interests going forward. That’s the type of messaging that clients want to hear when it comes to a security product, so that’s what we should begin marketing to organisations going forward.
Interested in hearing leading global brands discuss subjects like this in person?
Find out more about Digital Marketing World Forum (#DMWF) Europe, London, North America, and Singapore.
it is not about how much you spend on controls, but how good your controls are at defending your organisation. Once you get an understanding of the correlation between your readiness and what you are spending, then you can have deeper discussions on budgeting and performance ratios.
Thanks