According to the Ponemon Institute, globally the average annual cost of cyber-attacks is somewhere in the region of $9.5 million - in a cyber-threat environment where it's been estimated that a single hour of downtime on the computer network of a small to medium-sized business can cost them around $45,000.
Data breaches, Denial of Service, ransomware, phishing scams, and good old-fashioned malware: all of these have contributed to pushing cyber-threats and cybersecurity into the public consciousness.
And they're driving a growing industry sector which a Cybersecurity Market Report published by Cybersecurity Ventures estimates will generate worldwide spending of over $1 trillion on cyber-security products and services, between now and the year 2021.
So, lots of growth in prospect. But unlike other areas of the digital economy, cybersecurity lacks the product awareness and "sex appeal" that impels customers to automatically grab those goods and services off the shelves. But with these marketing strategies, you'll position yourself to benefit from this evolving sector.
Each market demographic – individual consumers, small to medium-sized businesses (SMBs), large commercial enterprises, etc. – has its own specific needs, priorities, and expectations from cybersecurity products and services.
So, if you're looking to appeal to a wide range of customers, you'll need to tailor your marketing messages to suit each particular sector that you're targeting.
In the retail and service industries, the value of creating customer or buyer "personas" has long been valued – and it's a strategy which can be just as effective in the marketing of cybersecurity.
A buyer persona is a fictionalised construct of the typical client – complete with name, job title, interests, income, and personality traits drawn from market and statistical analysis of real-life individuals in the same demographic.
Buyer personas may be created for each market sector that you wish to address –- and it's to these idealised customers that your digital content, marketing, and sales efforts should be directed.
As the commercial sector typically yields the highest revenue for cybersecurity providers, it's the SMBs and larger enterprises that require the most attention.
In business organisations and other institutions, responsibility for information and network security usually falls to senior level executives and IT personnel – so these are the kinds of customer personas to concentrate on.
At enterprise level, the kind of personas most likely to be relevant are the Chief Information Security Officer (CISO), the Risk Manager, and/or senior executives of the corporation and IT stakeholders.
For small to medium-sized businesses, the Chief Executive Officer (CEO) and Chief Financial Officer (CFO) – who may be the same person, for a single-ownership company – are personas to cater for, along with the officials charged with managing day-to-day business operations and IT matters.
With the increased level in public awareness of privacy and security threats, the cybersecurity market has seen an upsurge in activity. New operators have sprung up to compete with the more established players.
Buyers are faced with the prospect of multiple providers offering many of the same types of products and services – often pitched to them in the same kind of terms. In a competitive environment like this, you'll have to distinguish yourself from the rest of the herd, in order to get – and keep – your target customer's attention.
But you'll need to be careful in how you go about doing this. Playing to your strengths, and emphasising those characteristics or unique selling points that you bring to the table is your best strategy.
This might be a particular product or service that you're offering, or some other attribute such as the skills, resources, and specialist knowledge in your organisation. Making extravagant, unrealistic, or simply false claims about what you can or cannot do is not a good idea.
For one thing, since trust is a major factor in conducting business in the cybersecurity sector (or anywhere else, for that matter), bogus claims are a sure way of losing whatever credibility you have.
And there are the hackers to consider. Lofty claims about how hacker-proof such and such a product or system may be, are equivalent to waving a red rag at a bull, or painting a target on your chest.
Even corporate clients may lack the in-house IT expertise to make an informed decision on information security purchases. So it's up to you and your marketing effort to educate your consumers on what threats are out there, and on the products and processes available to combat them. It's in this arena that content marketing may be your greatest ally.
Content marketing is an indirect method of promotion which involves providing (or "giving away") information and resources relevant to your industry or market sector, while creating an association in the consumer's mind between the content they've just received and the organisation (that's you) delivering it.
Effective content marketing can establish you as a resource or knowledge base, trusted ally, or thought leader. And for a cybersecurity firm, these are qualities worth aspiring to.
But what kind of content should you provide? This will depend on your target customer base, and what you have to offer them. Some typical examples would include:
According to EY’s 19th Global Information Security Survey 2016-2017, only 22% of the of information security managers and IT leaders surveyed admitted to fully incorporating information security into their corporate strategy and planning.
Despite the prevalence of cyberattacks and the high cost of data breaches, most organisations still don't consider cybersecurity as a priority issue.
So, one of the things your cybersecurity marketing strategy must achieve is to instil a sense of urgency in your prospective and existing customers – about the scale and nature of the threats they face, and about the need for them to implement the policies and procedures required to keep them safe.
This is a job that demands information dissemination and communication – both of which your Content Marketing funnel should be able to achieve.
Corporate bodies and commercial organisations are made up of individual human beings – and nothing speaks more effectively to a person than clear and current information that addresses issues of personal interest and relevance to them.
So, your marketing message should take into account the needs, environment, circumstances, pain points, and specific threat areas relevant to your target audience.
Well-crafted and regularly updated customer personas are key to this, as knowing who to speak to and how best to reach them will directly influence the way in which you present breaking news about fresh security incidents or technologies, and how current developments in the market may affect your customers specifically, or apply to their industry or market sector in general.
The process of establishing yourself as a resource base or thought leader may be assisted by giving visitors to your website, blog, eCommerce portal or other contact points something of yours to take away and remember you by.
An email bulletin, eBook, whitepaper, or podcast detailing some issue of relevance to your visitor could be offered as a free download, for example.
And in an economy where "try before you buy" is becoming increasingly common, free trial downloads or limited-time subscriptions of your security products and services can act as a hook to engage their interest, and help ensure those essential return visits.
Inbound marketing analysts at HubSpot reckon that 75% of executives watch work-related videos on business websites at least once a week – and that 59% of them would rather watch a video than read through a truckload of text. So, if you're not incorporating video with your content marketing strategy, you should be.
Beyond the "How to" primers and tutorials already described, video provides an ideal format for presenting case studies, product demos, or for illustrating the effects of cyber-threats of various kinds.
If there's time-dependent information (such as a critical piece of research or a new threat discovery) that you need to get out to your customer base as a matter of some urgency, you may need to consider using one or more paid promotional channels.
Though the cybersecurity sector is notable for its intense competition in paid advertising (not to mention the associated costs), the strategic and occasional use of paid channels can provide dividends. Avenues to consider would include sponsored posts on LinkedIn, or Google re-targeting ads.
We've already observed that trust is a major factor in establishing and maintaining relationships with your customer base. The way that you're perceived – and seen to be perceived – by others in their industry and by the world at large can play a part in this.
It's no coincidence that successful cyber-security firms prominently display case studies, testimonials, and customer referrals on their websites and online presence points. These kinds of statements speak to your professional competence and reliability, and create a positive impression about your organisation in the visitor's mind.
How you go about collecting a portfolio of positive reviews is up to you. Methods would include submitting your software or services for review or assessment by reputable IT magazines and forums, publishing case studies of your successful dealings with existing clients, or providing incentives (such as a discounted service plan, or free software) for new customers to provide a testimonial when they sign up with you.
Just to stress again that, "Making a name for yourself, in the cybersecurity market," and "Putting your name to spurious claims that set you up as a target for hackers, ridicule, legal action, or worse," aren't the same thing.
Trustworthiness and reliability are keys to success, in the cyber-security sector. And these qualities should be baked into the information you give out, and the products or services that you provide.
Being credible and reliable becomes much easier when there's accuracy to the facts and figures that you disseminate, truth in the reports you issue and the claims you make, and transparency in the information you provide – and in the way you treat your customers.
Finally, a successful cyber-security marketing strategy takes time and patience. Given the way they work and the possible implications if they don't, security products require a degree of research and assessment, before a customer will commit to a purchase or subscription.
As a result, the average sales cycle for a cybersecurity firm is six to twelve months – and longer, in some cases. So if you're entering your marketing campaign in hopes of instantaneous results, think again.
You'll need to take the time to first engage your customer's attention, establish your credibility with them, keep them engaged in the discovery process, and nurture your relationship with them, as you guide them on the journey toward that coveted deal.
This will require persistence and patience, on your part. And if you need assistance in planning and implementing your content marketing strategies, get in touch with the good people here at markITwrite.
Beth Powell, Expeed Software
Doug Nebeker, Power Admin
Denise Darienzo, net2phone
Viktoriya Gorod, Starwind Software
Bill Lewis, New Offerings