Customer references for your cybersecurity marketing efforts are notoriously hard to "secure." Inherent to the industry, companies are very squeamish about admitting they had a breach, or highlighting specific ways the company is protecting itself. Your IT/info sec contacts might feel it's akin to putting out a statement telling potential theives, "I protect my house with an ADT wireless system, with motion and glassbreak detectors, a video feed, as well as door contacts. Good luck!" That said, getting references is not a completely hopeless task. Here are five tips to help you increase your list of customer references for marketing.
1. Get all departments on board
It's hard to convince a customer to be a reference - of any sort - if sales, execs, IT and legal don't see how critical having cybersecurity marketing references is for the business overall. You'll need to show each department how having the customer be on board as a reference benefits *their* department, so be creative. Sales? It's certainly much easier to get new customers if current customers will discuss their experience with your company/product. Legal? Tougher sell. But let legal know that if your customer is willing to speak on your company's behalf -- whether it be to another customer, to the press, etc. then legal has less to review every time marketing or PR puts out something with the customer's name.
2. Put it in the contract
No, we're not kidding. Put acting as a reference in the contract. Offer a spliff. Working with sales, legal and execs, add in a discount for the type of reference. Willing to speak to press? Analysts? Potential customers? The biggest discount. Willing to speak to analysts and potential customers, but not press? Smaller discount. It doesn't have to be a direct monetary discount; it could be something as simple as an extra few months of support.
3. start at the top
The higher up in the customer's organization your contact is, the easier getting permission to be a reference will be. If your customer only has one level of management to ask, there is less red tape for everyone. CISO/CSO level is even better. It's much easier when your C-level execs can have a low-key conversation about what type of reference everyone is comfortable with, versus starting with IT, who has to go to his/her manager, who has to go to the director, who has to go to the VP, who has to go to legal, who has to go to ... the C-level exec.
4. offer customer incentives
Have a customer that's done something really innovative or different with your product? Have a customer that is using all of your products? Celebrate these achievements with an award or other shout-out at your next customer conference. Either create your own "award" to give out at your customer conference, or find out what awards are important to your customer and work with them directly on the application. If they've gotten a really nice write up in CSO, buy a reprint, frame it, and send it to your contact.
5. POint out what's in it for them
Many times, particularly if they aren't exeutive level, customers are worried that they are inviting hackers to go after their organization. As anyone in cybersecurity knows, hackers are already looking for holes to exploit in organizations ... so there's no teeth to that argument. Customers also worry that it could look bad for their organization, so getting permission is paramount. Use this opportunity to point out how, by being quoted as an expert in the media and in analyst reports, the customer him/herself is promoting their personal brand. Being seen as an expert in the field strengthens their personal brand in the market place providing valuable bargaining chips for job security and advancement.