Skip to content

Cybersecurity PPC Benchmarks. Paid Media Budget Revealed

The market for cyber security products has never been more buoyant but neither has the level of competition. Depending on which stats you read, there are anywhere north of 3,500 cyber security vendors active globally.

The market for cyber security products has never been more buoyant but neither has the level of competition. Depending on which stats you read, there are anywhere north of 3,500 cyber security vendors active globally.

This means that companies reluctant to invest in awareness together with highly targeted campaigns will find it [very] difficult to get ahead.  

We released the original cyber security benchmarks in June 2019 to answer the questions from clients and friends about, how much they should be paying for their paid media? Were they paying too much? How should they go about their budgeting?

Paid channel benchmarks are deemed biased or not accurate enough; there was, and still is, a need for independent analysis. So staying true to our cyber security marketing agency status, here we are with the 3rd edition.

Unsurprisingly, lead generation costs have increased. We thought that “an economic slump” would cause the prices to return to pre-pandemic rates, but they’re not.

Every US Dollar, British Pound or Euro dedicated to the marketing budget needs to be signed off in blood, sweat and tears; every Sales Qualified Lead (SQL) secured is a gem. And in 2023, life is no piece of cake for the CMO and their marketing team:

CEOs under stress are asking CMOs to do more with less:
Less resources
Less time to show marketing impact
Less tolerance for activities that don’t show direct impact on pipeline

Demand for cyber security products is at an all time high. Yet, so is the competition. And standing out is (almost) mission impossible. Successful companies are  investing in:
Testing their messaging to ensure they know what resonates with their audience, quickly
Building awareness through multiple organic and paid channels
Highly targeted strategies as opposed to casting a wide net.

Download The Cyber Security PPC Benchmarks Report Here

So What Do The Latest Cyber Security Paid Benchmarks Reveal?

1. Prices Increased In 2022, But Not Too Crazy 

In Google Ads, median prices for CPL and CPC stayed around the same between 2021 and 2022. 

So on average CPL for a Senior Security Team will cost $150 - $250 

CPL for senior security team 1 CPL for senior security team 2

 LinkedIn too, while prices have increased per CPL, from $175 in 2021 to $200 - $250 in 2022. This is nowhere near as drastic as the jump between 2019 - 2021 which was at 75% and higher.

CPL for senior security team 3 CPL for senior security team 4

Note that we have stopped trying to benchmark the cost per MQL and above. This is due to the fact that there are far too many variables that influence the price:
How a company scores MQLs/SQLs/Opps
Level of awareness - startup vs. established company
Campaign creative and messaging - hitting the nail on the head or not
How long campaigns have been running & on how many channels. 
Who is running the campaigns - novice or professionals
Nurture paths - optimized/not; 
SDR & sales’ involvement in the nurture process
Much more

2. Minimum Spend Per Channel HAS Increased

Only 3 years ago, a startup could start off with a LinkedIn OR Google monthly budget of $5,000. In 2021 we increased the recommended minimum spend per channel to $10,000. Now we are mostly recommending a minimum of $15,000 per channel per month. This is largely due to the speed required to get to market validation.

See the breakdown below:

Post promotion on LinkedIn $2000
Retargeting $1000
Leadgen on LinkedIn
Ave CPL $250
48 leads
10% - 20% Lead to MQL
4 - 8 MQLs, monthly*

The CPL means that if companies invest less than $15,000 monthly, they’ll receive fewer than 4 - 8 qualified leads per month. 

You can start to calculate how long receiving market validation would take. You can also start to imagine the conversation with the sales about the empty funnel and why you aren't doing your job.

3. Single Channel, Single Asset Is No Longer Effective 

Following on from the minimum spend per channel. Not so long ago, a good ebook and decent set of demo ads for LinkedIn could get you SOME solid leads. This was considered a quick lead generation activity… And marketers flooded the social-sphere with ebooks and whitepapers. This is also no longer the case due to….. 
Gated eBooks are RIP. CISOs and security folks will not give their details away for privacy concerns and they certainly don’t want your SDR to call them. Nor will they click on any attachments you send them via email! This is the age of awareness.
Awareness is King. CISOs and security folks need to see, read and learn about you and your company in a variety of ways and get to like your brand and product before they reach out to you or engage with any of your marketing efforts. They will not be cajoled into engagement.

4. Brand Messaging And Awareness

More important than ever (and the successful cybersecurity companies are investing heavily in this), your company needs to stand out in a crowd of over ~3500 cybersecurity vendors. It needs awareness.
Investment in messaging and branding – You’ve no choice really. And it is less complicated than it used to be. 
Changed mix between lead generation <> awareness – Moving to a ~40:60 mix. Yes, more money is being spent on awareness.
The steady rise of video – this is no longer a ‘nice to have’. Video adds significant value to the content mix and is more affordable.

5. The Dark Funnel

Has always been an issue, but now C-levels are on board with the irrelevance of first  touch/last touch metrics. 
Marketing budget buckets - Splitting the marketing budget into buckets of EVENTS, ONLINE CAMPAIGNS, OUTBOUND to calculate ROI makes more sense.
Attribution tools – yes, it’s really important to identify those companies who do enter your funnel and how.

6. Real ABM 

ABM is finally being adopted widely and is no longer a “nice to do”, once we have some time and a budget. The demise of spraying and praying with paid campaigns, tighter budgets, and the culmination of the points above have driven B2B tech marketers to do more research and select a specific ICP to target.

Of course this is nothing new. Marketing has always been about doing something well and attracting specific audiences. Digital marketing made it easier for all of us  to cast a wider net,  play our luck and see what we get. Many companies uncertain about where to start with targeting or whose pain their product was solving could start wide and narrow down. But that costs a lot of money and shows limited return.

Want to know how to modernize your business with a kick ass RevOps team? Click here.

Hope you find the cyber security PPC benchmarks useful and feel free to drop me a line with your comments or questions. If you’d like to speak to me about our cyber security marketing that’s also ok :).

You In? Let's Talk

Share share title underline scrible