Controlling the controllable
How marketers can effectively engage cybersecurity decision-makers in 2024
A comprehensive guide to creating an effective cybersecurity communications programme that attracts the attention of prospects in 2024.
The cybersecurity vendor landscape is competitive and ever-evolving. For anyone in the space selling its products or services, this demands a nuanced marketing and communications approach. Cybersecurity has its own special marketing and sales challenges. Engagement with prospects and clients can be challenging, but when done right, it unlocks huge potential.
Cybersecurity services and products battle against myriad threats, from nation-state groups to people-related cyber risks. There are a lot of vendors vying for the attention of your target audience. The market is fiercely competitive and while Resonance's research found that cybersecurity budgets are staying roughly the same this year, standing out from the crowd across your buyer's journey is critical for success.
Cybersecurity buyers differ from other types of tech buyers due to the unique nature of security needs, the criticality of trust and reliability, and the evolving landscape of threats. Understanding these differences can help tailor marketing and sales strategies effectively.
Risk Aversion and Trust: Cybersecurity buyers often operate under a higher degree of risk aversion compared to other tech buyers. The potential consequences of a cybersecurity failure—such as data breaches, financial loss, legal repercussions, and reputational damage—make trust and reliability absolutely critical in their purchasing decisions. They tend to favour vendors with proven track records, strong reputations, and third-party validations (e.g., certifications, awards, or analyst rankings).
Technical Savviness and Detail Orientation: Given the complexity of cybersecurity solutions and the sophistication of threats, buyers in this space are generally very technically savvy. They require detailed information about product capabilities, integrations, compliance features, and the specific types of threats addressed. This contrasts with more general tech buyers, who may prioritise usability or cost over technical specifics.
Longer Sales Cycles: Due to the need for a thorough evaluation, the decision-making process for cybersecurity solutions often involves multiple stakeholders, including IT, security teams, compliance officers, and C-level executives. This can result in longer sales cycles than other technology purchases, where decisions might be made more rapidly and with fewer inputs.
Regulatory Compliance Concerns: Cybersecurity buyers must often consider regulatory compliance as a key factor in their purchasing decisions, more so than other tech buyers. The need to comply with industry-specific regulations (like GDPR, HIPAA, or PCI-DSS) means that they look for solutions that not only protect against threats but also help meet legal requirements.
Dynamic and Evolving Needs: The cybersecurity landscape is constantly evolving, with new threats emerging at a rapid pace. This means cybersecurity buyers must be forward-thinking and prioritise solutions that offer adaptability and timely updates. Unlike other tech sectors where buyers might seek solutions to address stable, long-term needs, cybersecurity buyers need to anticipate and adapt to change regularly.
Community and Peer Influence: Cybersecurity professionals often rely on a tight-knit community for recommendations and insights. Peer opinions, industry forums, and professional networks play a significant role in influencing purchasing decisions, perhaps more so than in other tech buying processes where reviews and vendor marketing might have more sway.
Understanding these differences is crucial for vendors aiming to effectively engage with cybersecurity buyers. Tailoring communication, demonstrating deep industry knowledge, providing clear evidence of value and reliability, and fostering community engagement are all vital strategies in this unique and critical field.
Thankfully, here at Resonance, we have oodles of experience producing cybersecurity communications programmes. When creating these for our clients, we have one focus in mind - your prospect. By placing them front and centre, marketing and communications programme deliver a greater return.
Our latest research provides a guided journey through the hearts and minds of your prospects.
Our number one recommendation is, whatever you do, know your audience.
Read on to learn:
- How prospects consume cybersecurity knowledge today
- Where prospects look for vendors in 2024
- The nuances surrounding prospects' internal decision-making
- The trends and challenges topping the charts
If you are a CMO, communications manager, PR manager or analyst relations professional, the below insights are for you.
We hope you walk away with a better understanding of how to optimise your marketing and content spending to succeed in 2024.
So sit back, grab a cup of something and read on.
The cybersecurity Market in a flash
Over the past few years, the cybersecurity market has witnessed significant consolidation and expansion thanks to established players acquiring niche vendors and emerging new vendor categories.
The market’s growing complexity reflects that of the threat landscape it battles, with an ever-increasing demand for holistic security solutions to keep malicious actors at bay. However, while holistic solutions usually belong to monoliths like Palo Alto Networks, this trend doesn't signify a diminishing role for smaller, more targeted players.
The industry requires a blend of holistic and innovative solutions. Without this blend, there’s no chance it’d be able to keep pace with the threats out there.
The AI-lephant
Let’s not forget the “AI-lephant” in the room. The integration of artificial intelligence (AI) and machine learning (ML) into security solutions represents a significant advancement, enabling proactive threat detection, improved incident response, and a strengthened overall security posture.
But, this works both ways. Threat actors have been handed superpowers - able to craft malicious code, phishing campaigns, and many other attack vectors in a matter of minutes. While still quite early, the cyber market will continue to shift as a result and marketers need to be able to capitalise on this - more on this later.
The rise of managed security services (MSS) highlights a growing preference for outsourcing security infrastructure operations. This allows businesses to focus on their core activities while ensuring effective cyber protection. Finally, evolving data privacy regulations like GDPR and CCPA are creating a new imperative for vendors. They must demonstrate compliance and prioritise data security within their solutions.
Cookie-cutter won't cut it
In this fast-moving market, out-of-the-box comms strategies just won’t cut it. While we can’t predict outcomes, as communications professionals we need to control what we can and ensure we focus on creating a programme that helps your organisation stand out from the “cyber crowd”.
Establishing thought leadership through insightful content, creating your own news through research, and engaging with industry influencers and analysts, has become crucial for standing out in this competitive environment. Understanding these trends and challenges is paramount for cybersecurity vendors to develop effective strategies and maintain a competitive edge in 2024.
Our research, which interviewed IT decision-makers, mainly IT Directors and Managers, found that 40% of cybersecurity budgets will mostly stay the same this year. However, if budgets do shift - they’ll most likely be in an upward direction. This is great news for marketers as the door is open for us to place ourselves in the eyesight of IT decision-makers with a bit of cash.
But before we do that, we need to understand where those eyes are looking.
Decoding Your Prospect's Info-Diet: Navigating Cybersecurity Consumption Trends
Content across the stages: Knowing the buyer journey
When it comes to cybersecurity consumption habits, it is critical to understand that information on certain topics is consumed in different locations at different times in the buyer journey. To help you figure out where content needs to go at what point in the buyer journey, we’ve split this information into three buckets: information on cybersecurity issues and trends; information on products; and information to shortlist solutions.
Cybersecurity Trends
How IT decision-makers typically get information about cybersecurity trends
Our research of 200 cybersecurity professionals, ranging from CIOs to CDOs to IT managers shows that cybersecurity and technology news sites are the most popular source for IT decision-makers to keep up with the latest cybersecurity trends. And let's face it, there's a lot to keep on top of.
Dedicated news platforms focusing purely on cybersecurity and emerging tech are seen as the most valuable and credible source of insight.
Professional networks and industry analyst reports also scored highly. Leveraging peer perspectives and market analysis likely provides useful context and different lenses through which to interpret cybersecurity developments. The high position of these sources clearly shows IT leaders appreciate require external validation and expertise in their day-to-day.
LinkedIn Lags: Why Cybersecurity Pros Crave Credibility Over Quantity
Comparatively, social networks like LinkedIn score lower than specialist publications and networks. While LinkedIn provides a huge volume of content, the data implies IT professionals prefer more niche and targeted thought leadership to filter meaningful cybersecurity insights from the noise.
LinkedIn's lower score compared to specialist sources can also be attributed to concerns around trust and credibility. In the cybersecurity field, where the stakes are high, professionals prioritise information from highly credible, specialised sources known for their authority and accuracy.
Overall there is a clear preference amongst IT decision-makers for specialty cybersecurity coverage over generalist sites and content distribution platforms.
Trends today
What IT decision-makers see as the hottest topics for the coming year
AI: Riding the Wave Without Wiping Out
Unsurprisingly AI tops the charts as the trending topic for the industry, followed by Zero Trust security models. On top of this, it is also the topic IT decision-makers are most interested in learning more about in the next six months. It’s important to understand what your prospects consider the most pressing topics and - IF* relevant - ensure you are part of the conversation.
[*The IF here is key. If you don't have an authentic need to discuss a topic, don't do it for the sake of tagging in to the hype. It'll have a negative impact on your brand if you are just seen as bandwaggoning.]
While we all might be feeling a slight AI-fatigue, akin to what the industry must have felt when the internet first went live, your comms programmes need to adapt. You need to find ways to produce content about AI that fits within your broad messaging plans and that’s innovative enough to cut through the “AI-haze” littering the cybersecurity marketing ecosystem.
Don't get caught out by buzzword bingo
So how can you differentiate and begin to move beyond the buzzword? Your approach needs to be multifaceted. You need to engage in the latest conversations while staying clear of generic AI announcements. You need to delve deeper and focus on specific applications of AI within your cybersecurity solutions or important themes like regulation. Importantly, you need to bring it back to how it is going to help your clients, customers, and prospects. This showcases your expertise and avoids the trap of repetitive, uninformative rhetoric.
Where do you start?
- Always bring it back to why? Why should anyone care about this? Importantly, why should your customers, clients, prospects care? What impact in the near and long term will this have on their industry? What impact will it have on business in general and society at large?
- Leverage creative storytelling: Find new ways to talk about the topic. Luckily as a broad term, AI is moving so quickly that as long as your eye is on the news cycle, finding an innovative approach won’t be too difficult.
- Produce visual and multimedia Content: Utilise infographics, videos, and interactive graphics to convey complex AI concepts.
- Thought leadership needs thought leaders: Engage with the experts at your organisation - they’re on the frontline, so to speak, and at the very least will have an interesting or new viewpoint you can leverage.
- Encourage cross-department collaboration: Embrace unconventional ideas and approaches. For example, host brainstorms across departments, inspiration can often come from the most unexpected places.
- Incorporate humour and creativity: Inject humour and creativity to make AI-related content more engaging and memorable. Sometimes, the secret sauce to engaging with your target audience is engaging with them as a human.
If you can leverage the above steps and place them within an authentic comms programme, you’ll have no trouble producing AI content that is helpful to your clients and prospects. And a little bit of help goes a long way.
At Resonance, we are experts in helping organisations do just that.
Information on products
Where do your prospects go when Searching for a new solution to their challenges?
In cybersecurity, grasping where IT decision-makers turn for insights at each stage of their buyer journey isn't just useful—it's necessary. With a landscape as diverse as their needs, understanding these patterns offers a golden key for communication and marketing managers aiming to deliver messaging and storylines that resonate. Our recent survey, sheds light on the multifaceted approaches these decision-makers employ to gather product and service information.
The Primacy of Traditional Search: Standing at the forefront, traditional search engines are the go-to resource for 53% of respondents, emphasising the indispensable role of SEO and online content strategy in capturing the attention of cybersecurity professionals.
Media and Webinars Close Behind: Industry publications and webinars/virtual events closely trail, captivating 53% and 51% of the audience respectively. This underlines the critical importance of PR and interactive digital formats to engage and inform.
Analyst Insights Command Respect: Cybersecurity is a trust game. Garnering the trust of 50% of IT decision-makers, analyst reports and rankings, along with industry conferences (43%), highlight the weight placed on authoritative insights and community engagement for in-depth understanding.
Direct Vendor Communications Influence Decisions: With 31% turning to whitepapers, case studies, and vendor blogs, the impact of your owned media and content in guiding purchasing decisions is unmistakable, pointing to the effectiveness of detailed, problem-solving oriented communications.
Emerging Influence of Generative AI: Platforms like ChatGPT, though in their infancy, already draw the curiosity of 16% of respondents, hinting at the burgeoning interest in AI-driven self-education and information discovery.
The Value of Personalised Expert Feedback and Peer Insights: Industry conferences and analyst inquiries, engaging 43% and 26% respectively, underscore the significance of experiential knowledge and expert consultations in navigating the cybersecurity ecosystem.
Diverse Channels for Broad Strategies: Email marketing (30%), social media advertising (21%), and magazines/print media (18%) demonstrate the varied strategies employed by IT decision-makers, reinforcing the need for a broad, yet targeted, marketing mix.
It’s important to note that finding information out is a very different task to establishing whether you actually want to purchase a solution.
Shortlisting solutions
The criteria IT decision-makers use to shortlist cybersecurity solutions for further evaluations
It’s no surprise the data reveals pricing and cost-effectiveness carries the most influence when it comes to shortlisting solutions. This highlights the commercial realities facing IT leaders tasked with security investments – value is imperative even when protecting critical assets and data.
With media coverage bottoming out, followed closely by case studies, it’s a clear indication that when moving from the awareness to consideration stage the game changes, and your best chance as a marketer is to gain influence with analyst-focused outreach.
So while headline elements like features and compliance dictate early selection, compelling analyst relations, customer evidence and media visibility offer ways cybersecurity comms teams can showcase credibility and technical excellence to give their solutions an edge. The art is in crafting solution stories that resonate.
How can YOU begin to navigate these muddy waters?
As the research above indicates, cybersecurity prospects consume information from a wide range of sources at different stages of the buyer journey, from awareness to consideration to decision.
With stakeholders accessing information across multiple channels, comms strategies need an integrated approach - a holistic communications programme that allows teams to "control the controllables". This means implementing coordinated public relations, analyst relations, inbound marketing, and content strategies that work together to amplify your messaging and meet your buyers with the right information, at the right point during the buyer journey.
At Resonance, our holistic communications programmes are designed to help cybersecurity organisations cut through the noise.
Our approach includes:
Public Relations: Our PR specialists secure high-impact coverage and thought leadership (guest articles) in national and top tier technology media, profiling organisations as innovative market leaders. Our secret weapon is that we are the best newsjackers around, which allows us to inject our clients into timely news cycles while proactive pitching places key messages in leading publications.
Analyst Relations: We leverage long-standing analyst relationships to showcase innovation and drive adoption amongst influential advisory firms. These include Gartner, Keypoint Intelligence, and Everest Group, which ranked as the top three most trusted analyst firms for insights in our study. Analyst relations boosts market awareness and validation, and as our research indicates, is the most important controllable aspect to get your products shortlisted.
Content: Resonance creates bingeable, snackable content optimised for search and shares. Branded and ghost-written long-form articles, blogs, infographics, and more, tell client stories that move audiences along the path to purchase.
Inbound Marketing: With SEO, email marketing, lead gen campaigns, and marketing automation, we fuel a flywheel effect - using content to attract and engage ideal prospects. Our inbound services increase site traffic, generate leads, and accelerate pipeline growth.
With an emphasis on meaningful measurement, our holistic communications programme delivers targeted awareness, increased consideration, and sales velocity. Our case study above proves just that.
Understanding the Complexities of Cybersecurity Decision-Making
Understanding the decision-making process behind purchasing new cybersecurity products or services within organisations is crucial for those aiming to effectively target prospects. While each organisation will have varying levels of complexity to navigate - we need to attempt to do so from the outside.
Firstly, let's consider the data:
How many decision-makers are typically involved in the purchasing of a cybersecurity product/service
There are multiple decision-makers involved in the purchasing process, with ten or more involved in some instances. It's a complex situation and it should be. They're choosing to purchase their proverbial armour. In a way, the numbers are almost comforting given that there is so much emphasis on getting cyber solutions correct and ensuring a business is as safe as possible.
So, what does this mean for you?
You need a holistic plan of attack involving all the components mentioned above - and this is exactly where Resonance can help.
By establishing a robust online presence and cultivating positive media coverage through strategic PR initiatives, you can elevate brand awareness and establish yourself as thought leaders within the cybersecurity domain.
The development of high-quality, informative content tailored to the specific needs and challenges faced by different stakeholders within the decision-making process is paramount. This content, such as blog posts, white papers, case studies, and other relevant materials, can serve to educate potential customers, address their concerns, and ultimately position your offerings as the optimal solution.
Through the targeted distribution of this content via social media channels and industry publications, you can ensure your message reaches the "correct eyes" within the complex decision-making sphere.
This comprehensive approach empowers cybersecurity comms professionals to not only effectively engage with all relevant stakeholders but also successfully communicate the value proposition of their products and services.
Challenging the Status Quo: The Evolving Landscape of Product Promotion
Over the past few years, we’ve noticed a crucial shift in how IT decision-makers identify and evaluate solutions.
While issuing press releases announcing product launches may have served in the past, there is now a need for a more nuanced and impactful approach. Our stance is rooted in the diminishing returns associated with solely relying on traditional media coverage. And our research backs this notion as evidenced in the data above. When building a comms program, it is critical to recognise this limitation. In other words, only a limited number care about product updates. What people do care about is IMPACT.
You need a multi-faceted product approach designed to resonate with a broader audience and demonstrably influence the decision-making process.
Our research indicates that the best way to achieve this is through AR and a concerted focus on market presence - which go hand in hand. However, as our research also shows, distributing product releases is still important, it’s just not what’s going to get you through your prospect’s door. Instead, success lies in cultivating a broader narrative that fosters industry engagement and thought leadership leveraged within different spaces for enhanced market presence.
While we’ve already touched on analyst relations - it’s important to outline market engagement in a holistic comms program.
Leveraging Market Presence: Direct Engagement with Stakeholders
Market engagement is an exceptionally powerful tool that underpins any successful cybersecurity comms programme. As such, it’s imperative to actively participate in industry conferences, workshops, and webinars, and we constantly push our clients to do so. There aren’t any downsides, as this presence allows you to:
Showcase your thought leadership: Through presentations, demonstrations, and insightful discussions at cybersecurity events.
Network with key players: These events provide valuable opportunities to build connections with decision-makers, understand their specific needs, and address their concerns directly. These learnings can then be applied to the components of a holistic comms programme.
Build brand awareness: By actively and consistently participating in industry events, people will begin to know your brand, which will help establish your organisation as a trusted provider of cybersecurity solutions.
By implementing this multifaceted and strategic market approach, you will be able to establish your brand quickly, with important decision-makers. This coupled with effective thought leadership and AR outreach, will ensure that your prospects know who you are and how you can help them. Let’s also not forget that all the other components feed into this too, from newsjacking the latest stories to producing SEO-driven blog content.
Take the holistic path
Thanks to a threat landscape that will eventually cost the globe over $13 trillion in 2028, the cybersecurity market will continue to change shape. While the myriad threats out there ensure that CISOs will continue to have many sleepless nights, it does present the notion that there will always be opportunities for marketers to crack into. But, as our research indicates, getting in front of the many decision-makers involved in purchasing is no easy task given the sprawling nature of available information. Your best bet is to deploy a holistic communications programme, involving PR, AR, content and inbound marketing.
And we are here to help you do that.