Cybersecurity Branding: Five Key Imperatives for Success

Keeping the world safe from cybercrime is big business. In 2019, the cybersecurity market totaled $112 billion annually. By 2027, the market is expected to swell to more than $282 billion annually, an annual growth rate of over 12 percent, according to Fortune Business Insights. The reasons for this massive growth include the increasing prominence of e-commerce, artificial intelligence, the “internet of things” and blockchain technology. To keep up, and keep safe, companies and governments are devoting a growing share of their IT budgets to cybersecurity. The cybersecurity market is dominated by many of the long-time leaders in technology, such as IBM, Microsoft and Cisco, as well as niche cybersecurity providers like Symantec and McAfee. But exponential growth inevitably attracts new entrants, and this is certainly true of the cybersecurity market. In fact, Fortune Business Insights estimates that the small- and mid-size players will see the fastest revenue growth. For new players and established leaders, the challenge is the same: how to build market share in a rapidly growing industry in which competitors are proliferating. At DeSantis Breindel, we’ve had a front-row seat at this cybersecurity derby; in the past three years alone, we’ve rebranded several innovative cybersecurity companies in very different segments of the industry. All of them came to us with the same request: help us to stand out and above the competitive noise by defining and communicating a sustainable and authentic point of differentiation. Each of these companies faced unique circumstances in their quest to make an impact, but our experience working with them has uncovered five fundamental imperatives that any cybersecurity competitor must understand in order to build a successful brand.

Cybersecurity Branding Imperative #1: Forget FUD

The time has long since passed when it’s possible to build a cybersecurity franchise based on Fear, Uncertainty and Doubt, or FUD. In part, this is because these negative messages – essentially, be afraid, be very afraid – grew so ubiquitous they became white noise, something to be tuned out. At the same time, as instances of cybercrime increased, including many high-profile data breaches – so did awareness of the threat they posed. Cybersecurity companies no longer need to make people aware of the danger when headlines in every media outlet carry stories of hacked databases and stolen identities. What they need to do is convince their prospects that they can prevent cybercrime from happening to them. In working with our cybersecurity clients, we found that FUD branding was so deeply entrenched that companies often resisted relinquishing it until research proved conclusively that it no longer resonated with their prospects. Yet dark, foreboding imagery and messages screaming gloom-and-doom datapoints persist, and tend to drown about what the marketplace really wants to hear: how are you going to keep us safe?

Cybersecurity Branding Imperative #2: Aim High

You would think that achieving safety and security would be the most important motivator of all, whether in one’s personal life or in business. But in fact, there is abundant research showing that security, while important, doesn’t rank high among human needs. Perhaps the best-known proponent of this idea is Abraham Maslow, the American psychologist whose “hierarchy of needs” is a widely accepted theory of psychological health. Maslow’s hierarchy is comprised of a five-tier model of human needs, often depicted as levels within a pyramid. Needs lower down in the hierarchy must be satisfied before individuals can attend to needs higher up. At the bottom of the pyramid are physiological needs like food and water; just above these are security and safety. Higher up we find the need for prestige and a feeling of accomplishment. At the very top of the pyramid is self-actualization – achieving one’s full potential. Seen in this context, safety and security are necessary to a sense of satisfaction, but not sufficient. This is why a cybersecurity brand that appeals only to a desire for safety won’t resonate at a deep level with the marketplace; even in a B2B context, decision makers are looking for a sense of achievement, for them and their organization. A successful brand needs to appeal to a higher-order need. In the B2B context, this might be the confidence to expand a business to new geographies, or into new market categories. Or the brand could appeal to the self-actualization needs of the decision makers themselves: we created and activated a brand for a leading identity management company that addressed the IT buyer’s desire to say “yes, we can do that” to internal stakeholders who came to them with ambitious plans for expansion, rather than say “no, that’s too risky.” The brand appealed to the buyer’s need to act as (and be seen as) a business enabler, a form of self-actualization.

Cybersecurity Branding Imperative #3: Be Human

From a branding perspective, cybersecurity is one of the most dehumanized spaces in the B2B arena: lots of diagrams and flowcharts, not many images of actual people. This might not be a problem – after all, many IT professionals have an affinity for data and data visualizations – except for the fact that cybersecurity buyers are seeking reassurance that the solution being offered actually work, and will continue to work as threats multiply. They’re looking for a reason to believe.

• How will the solution stay one step ahead of the bad actors? Because the people behind the solution are continually monitoring the landscape to anticipate what’s coming.
• How will my questions and concerns be addressed? By the people who stand behind the solution.
• Why is this solution superior to the other solutions that claim to do the same thing? Because the people who created it are smarter, more responsive, more experienced.

Putting people front and center not only provides critical reassurance to prospects, it can also help to differentiate. But to be effective, the brand can’t simply be about photos of smart-looking people looking pensive in front of computer screens. The brand needs to be about expertise and experience. Photos of people can support this, but they aren’t enough. By-lined white papers, video interviews, speaking engagements, website bios that go deeper than listing accomplishments and degrees … all of these give prospects reasons to believe that the solution will perform as promised.

Cybersecurity Branding Imperative #4: Play Well with Others

In the B2B world, one solution – even one company – can never provide all the cybersecurity necessary to protect the enterprise. And our own research has shown that “one-stop shop” is almost never a strong benefit for IT buyers; they prefer to acquire best-of-breed solutions from however many vendors it takes. End-point solutions, network security, cloud application security, identity management, anti-virus protection – the chief information security officer (CISO) and other IT buyers are more than happy to pick the solution they think works best from the provider they trust … provided it works with the plethora of the solutions already at work in their cybersecurity ecosystem. Every successful cybersecurity company provider builds Interoperability into their solutions. And they always make a point – often, a big point – of touting this. But cybersecurity brands need to do more than say they play well with others. They need to show it in a way that goes beyond complex IT infrastructure diagrams. In words and images, the brand needs to convey openness, approachability, collaboration. The company’s core values need to reflect this spirit of cooperation, and they need to be infused into the brand. At the same time, the cybersecurity brand should, ideally, communicate that it not only works with other solutions, it can actually make them more effective. IT executives are all too often forced to please with skeptical CFOs and boards of directors for additional funds for yet another cybersecurity solution. Their case would be easier to make it they could demonstrate that the latest solution they’re advocating for can actually enhance the ROI on existing solutions. A few years ago, we developed a brand for a managed solutions provider that communicated just this message: it’s the catalyst that, when added to the already complex (and expensive) cybersecurity ecosystem, unlocks the true potential of all the component parts.

Cybersecurity Branding Imperative #5: Make It Personal

A cybersecurity offering must appeal to a diverse range of audiences. The CISO will want complete assurance that the solution works effectively – their job (not to mention the security of the enterprise) is on the line! Features and functionality, while not necessarily part of the top-level brand message, will be important to this audience. The CIO will be less interested in the details of the solution and more concerned with its impact on other components of the enterprise’s IT infrastructure. The CFO will want to know the anticipated ROI, including the cost of not making the investment. The board of directors will insist on assurances that this product will protect the enterprise’s value and, as importantly, its reputation. Alas, every company in our connected world gets just one brand, so the brand must resonate with buyers and influencers who have different – and in some cases, conflicting – agendas. The challenge is to develop a brand that appeals to all audiences without falling victim to the “lowest-common-denominator” trap: a brand that’s so general and watered down that it essentially says nothing to anyone. This is what has happened across the cybersecurity landscape: brands either go “too high” (and general) and become meaningless, or “too low” (and specific) and become irrelevant to many if not most audiences. The solution: create a powerful, resonant brand with broad appeal, and support it with targeted messaging that communicates the brand through the filter of specific audience needs. For example, our messaging mapping methodology identifies a core group of messages, usually no more than five or six, which are universally applicable. We then “map” a series of messages that target each key audience with a tailored value proposition that supports, and is supported by, the overarching brand. In this way, the brand achieves consistency and relevance at every communications touchpoint. Cybersecurity providers are in the enviable position of selling to a huge and growing market, and one that is increasingly seen as essential to the health of companies, governments and the economy overall. Yet as the market becomes more saturated with competitors, the need for differentiated brands becomes even more critical. Each organization will need to identify the brand opportunity that’s authentic to its offering and core values, and can set them apart; brand research, along with an in-depth competitive analysis, is always indispensable in this process. That said, while every cybersecurity brand will be – and should be – unique, we’ve found that starting from a foundation of these five imperatives will help to ensure a successful outcome. To learn more about B2B cybersecurity branding, contact us. <