WHY SELLING IN CYBERSECURITY IS SO HARD
Written by :
BEN SKELLY
Posted on :
01.15.2023
Tags :
Marketing | Sales
LET'S EXPLORE SOME OF THE TOP CHALLENGES THAT COME WITH SELLING IN CYBERSECURITY, ALONG WITH ACTIONABLE TIPS TO MAKE IT EASIER.
Some Industries Just Hit Different...
It doesn’t take an experienced marketing genius to acknowledge a difference in effective tactics and techniques when selling to individual consumers (B2C) and selling into organizations (B2B). But within these sprawling categories exists another niche layer of industries where selling to a target buyer is tremendously nuanced — often due to the nature of the product or services being sold, or the natural disposition of the buyer. What works in financial services might fall completely flat in manufacturing, for example.
Having spent the past 15 years or so embedded in creative and marketing teams within cybersecurity, I’ve noticed several of these nuances, and witnessed executives coming from other industries struggle to adapt.
Here are a few of the top reasons selling in cybersecurity is particularly difficult:
Your Target Buyer Is Trained to Be Paranoid
You’re selling a solution to a buyer who spends most of their day being skeptical of the software they already have and the potential vulnerabilities they expose their ecosystem to.
While exceptions exist, the primary target-buyer for most cybersecurity tools is the Chief Information Security Officer (CISO). Even if your path “in” is at the practitioner-level, the CISO is typically your “Final Boss Battle” and the holder of the budget that you want a piece of. If their job isn’t already difficult enough, these poor bastards are being bombarded with pitches from people of our ilk all day and night.
You: “Hey, buy my tool and add even more software and complexity to your environment!”
CISO: 🙄
They often believe your product pitch is spam, would solve their problem no better than your bigger competition (who they already license), and only exposes them to additional potential risk. In a chaotic and noisy market – where skepticism is the default – it’s really f’ing hard to get their attention.
The Solutions Are Complex and Complicated
As I mentioned earlier, security professionals are a paranoid bunch, and so there are a large number of sub-industries designed to solve highly specific problems in often highly complex ways. Just consider the alphabet-soup of acronyms dominating the security software world: SIEM, SOAR, IR, RM, VM, RBVM, MDR, XDR, IDR, EDR, IOT, OT, EPP, SECOPS, APPSEC, PAM, IDS, IPS, MSP, MSSP… and many, many more. Each one solving different problems, with their own large pool of solution providers trying to convince your lead why their solution is more important than yours.
Consequently, the value of these varying cybersecurity products and services is often lost in translation. After all, many of these industries’ offerings are barely comprehensible to security practitioners, much less by non-technical executives. Additionally, the cybersecurity industry is constantly evolving, often reactively, which makes it difficult to create relevant marketing messaging that endures.
The Better It Works, the Harder to Justify
You wanna know what’s probably the longest-standing roadblock to selling preemptive security solutions for CISOs? Justifying the spend to management when breaches aren’t happening,
CFO: “We need to cut costs this year. You’ve been spending $100k for this Managed Detection and Response tool. We don’t seem to be a target for threats. Can’t we cut the contract and take this in-house?”
CISO: 
It’s a bit of a paradox, but if a security tool is doing its job, nothing nefarious is happening. With nothing nefarious happening, why do we need this tool? Of course, to the initiated, “nothing is happening” often because the tool is doing its job. It’s not until a successful breach that management wonders “how did this possibly happen, Ms. CISO?? Why aren’t we paying for protection?!”
So, How Can You Make It Less Hard?
Make it Easy to Understand and Explore. By making it simple to poke around your solution, you can solve a lot of the issues above. The most effective way I’ve found to accomplish this is through the creation of guided demos. The general idea is to build interactive use-cases, allowing a prospect to explore your tool as if they’re actually inside the dashboard. This lets you shape the narrative and highlight your solutions’ capabilities exactly as you intended them to be used, while showing them the most practical ways to reach value.
Don’t Play the ‘Spray and Pray’ Game. Cold emails with very little personalization, where it’s clear you did no research on them or their company, never works with this crowd (or many others). Direct to spam/trash — some will even block you. Make the effort to personalize the message, comment about where they went to school, a place they worked previously, anything to show you’re a real human trying to talk to another human. Does this take more effort on your end? Absolutely. Will it return better engagement? Absolutely.
Want to Start Selling More Effectively?
