From working with numerous cybersecurity clients over the past 15 years I've seen firsthand the challenges of marketing in this space. When it comes to security, you need to stand out, but at the same time you can't be too bold. Finding this balance and communicating to the different roles in the IT organization - from operations to security, admins to managers to executives - is what can take you from a struggling company with an innovative solution to a successful and even profitable company (if that's one of your main objectives). Here are the top cybersecurity marketing challenges and some tips to address them:
1. STAND OUT FROM THE PACK, BUT BE CREDIBLE.
Security pros know that nothing is 100% secure... so you better not make outlandish claims because you will lose all credibility... and in security especially this is huge. Hackers love to be challenged, so making claims that your software can't be beat is putting a target on your back and asking to be embarrassed. Your company and product positioning has to be strong enough to stand out, but it must hold up. Too many vendors use FUD and all the latest buzzwords such as APTs, cloud, DDoS, etc. to draw customer attention, but what ends up happening is that if you walk the exhibit hall of an information security event many of these vendors look and sound the same. Don't be afraid to get specific with what you do and show value to a business beyond "better security" ... which leads us to the next challenge and tip.
2. YOU CAN'T BE EVERYTHING TO EVERYONE.
The biggest mistake is trying to be everything to everyone. Seems simple enough, but I've seen too many companies make this mistake. I once heard a client say "we can sell to everyone". Big no no. Understanding your buyer is important for any industry, but in the information security space which is overcrowded and where messaging is so diluted that many vendors look the same, this cannot be overstated. Make sure you clearly carve out your security sector(s) (endpoint, network, cloud, data protection, datacenter, etc.) and understand what roles are the main buyers, influencers, etc. Are there regulations, or industry standards that are pertinent? All of these attributes can help you position your solution better to the right people in the right organizations.
3. NOTHING SELLS BETTER THAN HEARING FROM A CUSTOMER.
A customer program needs to be part of your marketing and sales process. Customer case studies are the best way to sell a solution - what better than a company saying how they use your product, the results, etc. The challenge (and reality) is that very few companies are willing to go on record. There are a few ways to navigate the challenge of customer references. When negotiating pricing, as part of obtaining a better price, have the customer agree to provide a public reference (and have this signed by someone in management). The optimal approach for both you and your customer is to do a video testimonial or a written case study so you can edit it and have it in a controlled environment. This gives you something that doesn't have a shelf life and it gives the customer some control (as opposed to conducting an interview with a reporter, etc.). This way you and the customer can agree ahead of time on the specific questions and how they would be answered.
4. CONTENT IS KING (IF YOU DO IT RIGHT)
In the marketing world, there is the saying "Content is king”. This is true, but it's not about having lots of content... it's about having content that is highly relevant and educational. This is more of a general tip, but in cybersecurity space people want to learn best practices and get hands-on guidance, such as "How to deploy xyz in your network" or "5 Tips to secure your data". This is content that provides explicit steps and recommendations that can be useful. Providing content that is more consultative can open the door to customers asking questions and evaluating your product.
5. DON'T FORGET TO INFLUENCE THE INFLUENCERS.
Look for keywords online and via social media tools such as Twitter to understand what security professionals are talking about. Start broad and then narrow it down more to your area. Not only will this plug you into current events you can latch onto (the latest APT, data breach, update to PCI-DSS, etc.), but you can also identify influencers in the security community. Short of getting a customer to go on the record, there are many security influencers (analysts, practitioners, bloggers, etc.) that you can engage with and help spread the gospel.