Cybersecurity marketing has a problem. It’s stuck in an endless loop of blue backgrounds, stock images of padlocks, the dude in a hoodie and the same generic messaging about "stopping cyber threats before they happen."
If you took the logos off most cybersecurity websites, would you be able to tell them apart? Probably not. And that would be a huge issue in literally any industry, but with 3,000+ vendors competing for the same security budgets, the only way to win is to stand out. That means ditching the corporate fear of creativity, actually listening to your ICP (not just guessing what they want), and investing in brand-building beyond your website.
I sat down with Maayan Sella, VP of Demand Gen at Pentera, to break down what cybersecurity marketers are getting wrong—and how to fix it before you blend into the abyss. And if you prefer to listen to chat instead, it’s here:
Most cybersecurity marketers think they know their ICP. They have the buyer personas, the pain points, the nice little Google Docs with "CISO concerns" listed out.
But one thing that Maayan pointed out is this:
"If you're not speaking to your ICP, how on earth will you know how to market to them?"
This is the biggest mistake we see: cybersecurity brands assume they understand their audience based on past insights. But pain points change based on:
What you can do instead is:
If you’re not in constant conversation with your audience, you’re just guessing. And guessing doesn’t work in a crowded market.
If you cover the logo on most cybersecurity websites, you can’t tell them apart. Why? Because too many are afraid to stand out. I’ve already mentioned this when I wrote about what’s killing your messaging process.
And I don’t think it’s the sole nature of the cybersecurity industry that makes their messaging so bland and painfully, painfully safe. We’re seeing so many incredibly innovative and creative companies. So why can’t they translate that to their marketing activities?? They default to what "feels professional" instead of what actually grabs attention:
It’s all the same. And that’s the problem, following what Maayan said:
"I think the issue usually starts with founders and CEOs. They’re entrepreneurs when it comes to the product, but when it comes to branding, they play it super safe. They don’t want to be ridiculed, so they just copy what’s already out there."
Luckily, there are things that you can do to fix that:
Here are just some of the ads we created for one of our clients, Cybersixgill (now a BitSight company). See how they tick all the boxes? At the end of the day, boring branding really is a bigger risk than standing out.
Trade shows are expensive. They take up a huge chunk of your budget, and if you’re just setting up a basic booth with some pens and brochures, you’re wasting your money. It’s absolutely impossible to prove ROI on these events.
I’ve discussed this briefly with Yoel Knoll, CMO of Cybord, here:
Want an example? Here’s Pentera who flipped the script at Black Hat a few years back by setting up a boxing ring. You read that right, a boxing ring–which I discussed in more detail when writing about standing out on trade shows.
Instead of a standard booth, they created a full-blown experience—bringing in real boxers and having them "fight" over cybersecurity threats. They had a packed crowd, CISOs actually stopping to watch, and a direct pipeline of leads. And for Maayan it worked:
"It was an entertainment play. We didn’t spend that much compared to traditional trade show budgets, but we got massive ROI."
So if you’re ready to spend that money wiser than on the most expensive mega event out there and some boring merch, here’s what you can do:
Yes, your website is important, but it’s just one piece of the puzzle. By the time someone lands on your website, they’ve already:
Yet what we’re seeing at Envy working with cybersecurity marketers, too many brands are focusing too much on their own website (which you’d think is a good start!) but ignore third-party influence. Here’s what Maayan said:
"I’d rather publish content on a third-party site than on my own blog. Why? Because that’s where our buyers are looking."
So how do you do it?
This one’s simple: just because someone downloaded an eBook doesn’t mean they want to talk to your sales team. And one of the biggest mistakes cybersecurity companies (but not only) make is jumping straight to sales.
"A lot of companies are so desperate for leads that they go for the hard sell way too early. It’s like proposing on the first date."
You need to nurture the engagement for a little while longer to make it work:
How do you do that? By repurposing your content, ungating your content, building strong brand awareness, building a full-funnel strategy and giving CISOs the respect they deserve.
Established cybersecurity giants like Palo Alto, CrowdStrike, Check Point don’t need creative marketing. Their name alone gets them leads. This doesn’t necessarily mean their messaging turns bland, but they’re not competing against 3,000+ companies out there.
But if you are–you can’t play it safe. If you’re a startup or scale-up in cybersecurity, bold marketing is your competitive advantage. So please stand out, create memorable messaging and if your website is black and blue, or black and orange, or black and <insert another color>, go talk to your graphic designer RIGHT NOW.
Need help? We’ve been building strong cybersecurity Go-To Market strategies since 2014.