Marketing Is Overpromising And Under-Delivering Cybersecurity

Marketing Is Overpromising And Under-Delivering Cybersecurity.jpeg

By Nathan Burke

There’s no other way to describe it: the fear-mongering of cybersecurity marketing is ruining the industry. That may sound sensationalist — much like the marketing tactics that the majority of the industry uses — but it is difficult to put current advertising attitudes into other words. Every other day sees a major cybersecurity breach, and every other day cybersecurity companies send out their marketers to transfer fear into sales.

In the cybersecurity industry, emotion is targeted rather than rationality, leading to a pervasive advertising culture of overreaction.

I should know — I’m in the industry, too.

An unfortunate truth is that this laziness is widespread. Why? Well, that is a good question, because there seem to be inherent flaws in the methodology of only using buzzwords, fear and superficial descriptions to sell digital peace-of-mind. But it does not need to be this way, and with a few small changes the industry can return to focusing on the most important thing: the customer.

Sex Sells — And So Does Fear

So what is happening here? In its most simple terms, cybersecurity marketers are chasing sales through tactics that do not properly represent the products they sell. It smacks of laziness: plenty of buzzwords and promises, but very little follow through. Most companies in cybersecurity never show the product or price or hard data, nor do they show you how their solution works. Instead, the vast majority focus on FUD — Fear, Uncertainty and Doubt.

This is most noticeable following a major or highly publicized cybersecurity breach. I guarantee that if tomorrow a major breach occurred at a corporation with stores of data, by the end of the day every cybersecurity vendor would have a white paper and webinar saying they would have prevented the hack.

IBM Resilient chief technical officer Bruce Schneier accurately describes why:

Security is a fear sell. It’s a choice between a small sure loss – the cost of the security product – and a large risky loss – the potential results of an attack on a network…. [One] option is to push the fear button really hard…. [W]hen we’re really scared we’ll do almost anything to make that feeling go away.
— Bruce Schneier


Fear! Fear! Fear! … Does It Work?

Short answer: Yes, but at what cost? Marketers have numbers to hit and quotas to fill, but the tactics currently in vogue hurt the industry as a whole. Cybersecurity salespeople operate in a crowded market and that means that companies want to be the first and the loudest to state that they would have stopped high-profile criminal hacking cases. They want to stand out from the crowd and yet they all use the same attention-grabbing methods in their pursuit.

This leads to a bigger problem: What happens when the scare tactic does convert into sales? As Lyft chief information security officer Mike Johnson summarizes, marketers jump on the latest breach or alert for the simple fact that it does work:

Much like spammers, they keep doing it because they are successful every now and then. Do not respond to the ambulance chasers.
— Mike Johnson

However, if consumers do take the bait and buy the product, it doesn’t seem like advertisers have thought of what happens next when the oversold product under-delivers. The consumer is going to find out, and where does that leave the software company? Yes, you get their attention and you get the sale, but what more?

The truth of the matter is the majority of cybersecurity software buyers, like chief intelligence security officers (CISOs), are aware of the marketing ploys and are sick of them. In fact, for people like Optiv advisory services executive director Peter H. Gregory, they are an automatic no-go:

For me, scare tactics are a big negative, and often such messages end up in the trash. FUD (Fear, Uncertainty, and Doubt) is a move of desperation and generally represents a lack of imagination. Instead of selling on fear, how about selling on business benefits?
— Peter H. Gregory

The current state of play is broken, but it remains profitable. Worldwide spend on cybersecurity products and services is predicted to surpass $1 trillion by 2021. This should come as no surprise, given that the average annual cost of cyber attacks to businesses and organizations worldwide is about $11.7 million, a costly sum to those affected. But the problem is that most marketers continue to think the only way to stand out is with claims that simply aren’t correct — which is strange because it really does not have to be this way.

Marketing Done Right

Now, before you go and delete all marketers from your contact list, know that there is a way forward for marketing and cybersecurity to coexist. And it doesn’t even require a revolution: marketers just need to start being more upfront about their product and its capabilities. Rather than jumping on trends or sounding the alarm, it is better to have a message that is worth repeating as their marketing strategy.

This is important because, quite frankly, CISOs are sick of the status quo. Johnson notes that the wrong marketing approach creates a “terrible first impression, all the more so if your email or product sounds interesting.” It isn’t only CISOs who are longing for change, but pockets of the marketing community, too. It’s frustrating to compete with those who stretch the truth, sensationalize or outright lie. Right now the advertising arm of cybersecurity is swamped by lazy practices and bad habits — and these make us all look bad.

Lastly, and perhaps most importantly, consider the customer. This may sound naive, but it really shouldn’t be when it comes to cybersecurity and sales. The customer is the one such products are trying to protect, so why can’t the sales pitch follow on with this theme?

About Nathan Burke

Nathan Burke is a cybersecurity expert at Axonius, a cybersecurity asset management platform that lets IT and security teams see devices for what they are in order to manage and secure all.

More About Nathan