Lead generation costs have sky-rocketed ever since we started calculating PPC benchmarks for cybersecurity in 2019. In fact, the costly curve is the reason we started with the benchmarks. They became a sanity to check for ourselves… and our clients.
Every US Dollar, British Pound or Euro dedicated to the marketing budget needs to be signed off in blood, sweat and tears; every Sales Qualified Lead (SQL) secured is a gem. And in 2024, life is no piece of cake for the CMOs and their marketing teams. Below, you’ll find recommendations for planning realistic (!) budgets for your PPC campaigns.
Budget benchmarks for cybersecurity PPC campaigns
How cybersecurity companies calculate budget for Google Ads
- Use free tools such Google Ads Keyword Planner or paid ones like Semrush to find the most relevant keywords, their monthly search volume and their costs per click.
- Use Google Ads Forecast tool to define the CTR. If not available, use a 1% click through rate as a rule of thumb to forecast the number of clicks for your campaign.
- Multiply the forecasted number of clicks per keyword by the estimated cost per click (CPC).
For example, if we’re trying to rank for “Cloud Security Solutions”, we’ll multiply the average monthly searches of 1300 by 1% click through rate to forecast 13 clicks, which cost us approximately $367.38.
Things to pay attention to:
- In order to evaluate if a keyword is working well for you (i.e. generating the qualified leads), you’ll need to get at least 100-200 clicks for this keyword.
- Campaigns should run (and be optimized throughout) for 3-6 months before evaluating if the channel is working well for you. This is due to the long sales cycles.
How cybersecurity companies calculate budget for LinkedIn Ads
- Define 2-3 sets of audiences (e.g. CISOs & Cyber Security Analysts).
- For each audience type, build your targeting to calculate estimated audience size.
- As a rule of thumb, use 0.5% click through rate to get the number of estimated impressions.
- Multiply your estimated impressions by clicks.
The cost of LinkedIn Ads is dictated by your target market, target audience and down the line, your ad’s performance. For example, CISOs in the US cost between $42-$100 per click back in 2023, more than double the cost in 2021.
So what budget do I need for cybersecurity PPC campaigns?!
Instead of just throwing an arbitrary number that most likely doesn’t fit your budget or marketing goals, let’s go about it differently.
Assume you have a monthly budget of $15,000.
At least $3,000 will be allocated to post-promotion, video promotion, retargeting, and document ads, leaving you with
$12k for lead generation campaigns on LinkedIn and message testing.
If each lead costs $250…
…this budget will generate 48 leads.
From these, you can expect to get between 4 to 8 MQLs (monthly).
Note that 8 MQLs monthly are not enough to accurately assess if your campaign is effective or not. Especially as it will take several months for some to become qualified and fewer to become opportunities.
You need 50 – 100 leads in order to get into any statistical understanding of which campaign – message and creative, and content is generating the leads converting into SQLs and Opportunities.
Yes, $15,000 monthly is a lot of money, but it still isn’t enough to fill your funnel or prove “it’s working”. Does that answer your question?
And before you say “no way I’m paying that!”, here’s a breakdown of CPL on Google Search through 2019 to 2023. In short, the CPL almost doubled during that time.
| Cost per Lead | 2019 | 2021 | 2023 | % Change |
| Low | $71 | $100 | $150 | 111% |
| Median | $206 | $250 | $250 | 21% |
| High | $369 | $700 | $700 | 90% |
And here’s the same CPL, but on LinkedIn Ads:
| Cost per Lead | 2019 | 2021 | 2023 | % Change |
| Low | $42 | $60 | $100 | 138% |
| Median | $100 | $250 | $250 | 250% |
| High | $151 | $350 | $600 | 297% |
And while costs are skyrocketing, budgets are nowhere near to reflect those changes. The opposite is happening, where CEOs under stress are asking CMOs to do more with less:
• Less resources,
• Less time to show marketing impact,
• Less tolerance for activities that don’t show direct impact on the pipeline.
Lead gen vs. brand awareness - what’s better for cybersecurity?
We’ve said a lot about running lead generation campaigns for cybersecurity companies and we get it, we all need leads to work on. But be honest, when was the last time you booked a demo with a company you had absolutely no idea about, or shared your email or phone number to get through a gated ebook from a brand you’ve never heard about before? That’s why–just like you can’t run strong PPC campaigns without inbound–we’d recommend steering away from lead gen before you have a clear brand awareness strategy underway.
CISOs and security folks need to see, read and learn about you and your company in a variety of ways and get to like your brand and product before they reach out to you or engage with any of your marketing efforts. They will not be cajoled into engagement. So lay off the heavy tactics and SDR cold calling, but do help people find you. What we’re seeing and recommending to our clients is moving towards a mix of 40:60 - in favor of brand awareness. You’ve no choice really.
And while we’re at it, no brand awareness activity will work if there’s nothing to be aware of... Too brutal? Hear us out. It’s now more important than ever (and successful cybersecurity companies are investing heavily in this), your company needs to stand out in a crowd of over ~3500 cybersecurity vendors. If they all look the same and speak the same, and do the same thing, how do we set Cybersecurity company X and Cybersecurity company Y apart? It needs awareness. Engage with your audience, provide value, show your brand and its leaders as the experts, make your uniqueness in solving real pain points well known, before you start collecting people’s email addresses.
Extra golden tips for optimizing PPC for cybersecurity
Single Channel, Single Asset Is No Longer Effective
Following on from the minimum spend per channel. Not so long ago, a good ebook and decent set of demo ads for LinkedIn could get you SOME solid leads. This was considered a quick lead generation activity… And marketers flooded the social-sphere with ebooks and whitepapers. It just won’t work nowadays. You’ll now need a full funnel with as many assets as possible to distribute them across as many channels as possible. See below an example of a campaign we prepared for one of our clients. There’s static images, short videos, interviews, even a podcast, all for one campaign.
This is also no longer the case due to…
Gated eBooks are RIP
Following up on what we said about brand awareness–CISOs and security folks will not give their details away for privacy concerns and they certainly don’t want your SDR to call them. Nor will they click on any attachments you send them via email! This is the age of awareness.
We’re Loving Thought Leadership on Social
Social media engagement works great for your visibility, but many B2B folks are simply too busy to interact with a loooong list of brands they like. They will however find time to interact with people. And by people, we mainly mean leaders. Thought leadership works great for driving engagement and growing brand visibility, and it’s hella cheap. Plus, it’s an easy way to direct more people to your brand.
Don’t Ignore The Dark Funnel
The dark funnel has always been an issue; clearly labeling or tagging leads from direct attribution has never been more difficult. Add to that the First Party Data regulations and recognizing where the SQLs and Opportunities originated is a mission impossible. The good news is that now C-levels are getting on board with the irrelevance of first touch/last touch metrics too. The funnel is not linear and looks more like a bowl of spaghetti with your audience engaging or just evaluating you from many touch points.
So how do you explain your marketing spend to the management then? Or how do you even know what’s working if you’re struggling to see how many leads came from where? That’s when marketing budget buckets come in handy. Splitting the marketing budget into buckets of EVENTS, ONLINE CAMPAIGNS, OUTBOUND (and whatever else might work for your brand) to calculate ROI makes more sense. This approach means that you’re not sweating over which particular campaign or ad set is performing better, but which set of activities is working well in generating the right opportunities.
Also don’t forget to look at correlations between your activities. Look for things like:
- Boost in Traffic: kicking off campaigns should result in uplifts in traffic from organic, direct, and social channels, signaling broad engagement.
- Quality of Traffic: The increase in session-to-contact rates suggests that this isn't just any traffic; it's the right kind.
- Brand Visibility: As campaigns progress, brand searches spike, proving heightened awareness.
- Beyond Inbound Leads: Many leads interact with our ads before registering. It’s not just about inbound tactics; ad interactions are crucial.
Real ABM for Cybersecurity
ABM is finally being adopted widely and is no longer a “nice to do”, once we have some time and a budget. The demise of spraying and praying with paid campaigns, tighter budgets, and the culmination of the points above have driven B2B tech marketers to do more research and select a specific ICP to target.
PPC KPIs to track for successful campaigns
And finally, depending on your campaign goal, you’ll want to track different metrics:
- If you’re looking to generate as many leads as possible, you’ll want to look at overall ROI (to make sure you’re not allowing the campaign to burn your marketing dollars too quickly or for nothing), CPL (Cost Per Lead - as well as CPMQL and CPSQL) and conversion rates between all of the stages of the funnel;
- If you’re using paid activities to build brand awareness, you’ll want to pay closer attention to CTR (Click-Through Rate), the number of people your campaign’s reaching, and how they interact with your ads - so impressions, views, engagement, followers, etc.
Anyway, here’s a little bit more details on the main KPIs to follow:
Click-Through Rate (CTR)
Your CTR is likely to be relatively low. That’s because you want every click to be highly relevant, rather than attracting a large number of click-throughs that aren’t likely to convert. However, LinkedIn is sensitive to low CTR, so you’ll need to adjust your ads if it drops too low.
Cost Per Click (CPC)
This is a crucial KPI to track. It reveals how much you’re paying for every possible lead. You’ll pay more to attract CISOs than for junior personnel, and also pay more for bottom of funnel keywords that indicate a higher intent to buy.
Conversion Rate (CR)
The conversion rate is the percentage of leads who complete your campaign offer, such as requesting a demo or downloading an eBook. You’ll see a lower CR on offers that indicate a higher intent to buy.
Cost Per Lead (CPL) and Cost Per Marketing Qualified Lead (CPMQL)
CPL is considered the holy grail of all metrics and refers to the cost of bringing in any lead. But it’s actually relatively easy to bring cheap leads that are actually irrelevant and will never convert. That’s why you should focus on…
A marketing qualified lead (MQL) – someone who takes an action that shows interest in your product. For example, downloading a whitepaper or reading a longform blog post. CPMQL is a more important metric because it shows how much it costs to get a lead who is genuinely interested in your product, rather than someone with no intention of becoming a customer.
Of course this is nothing new. Marketing has always been about doing something well and attracting specific audiences. Digital marketing made it easier for all of us to cast a wider net, play our luck and see what we get. Many companies uncertain about where to start with targeting or whose pain their product was solving could start wide and narrow down. But that costs a lot of money and shows limited return.
Want to chat? Schedule a free consultation and we’ll see what we can do.
