Blog | Mike O'Toole 01.22.23

5½ ways to build a cybersecurity brand story that drives growth

It’s hard to stand out in B2B generally. The challenges are multiplied in cybersecurity categories, which are driven by accelerating risk, innovation, and growth. COVID-19 is the latest challenge for security organizations, but change has been constant since the first CISO was hired in 2005. The threats change every day, and the market is swimming in potential solutions. But how can the CISO possibly keep up? More to the point, how can you make your company and its solutions unignorable?

As recent Sirius Decisions B2B marketing research says, it starts with distinctive brand positioning. According to their findings, the best way to unlock demand is to build brand. This might sound counter-intuitive, but the logic is simple. You can’t drive growth in new customers if buyers don’t know about you. In the Sirius research, marketers said the best way to drive brand awareness is brand positioning that differentiates their company in the market.

We couldn’t agree more. Over our 25 years of helping dozens of cybersecurity brands position themselves for success, we’ve honed an approach that has helped companies with great solutions and ideas get the attention they deserve.

Here are our five best practices for creating a cybersecurity brand story that gets you noticed, and puts you at the top of the consideration list.

*And here’s an offer: get in touch, and our security practice-leaders will take you through how our framework can benefit you – no strings attached.*

1. Position yourself against the category, not just your direct competitors.
The latest cyberscape category map by Momentum Cyber lists more than 1,000 companies across 44 subcategories. It’s hard for a CISO to keep up with new categories, let alone new companies. Compounding the difficulty is tool fatigue. A recent ESG report found that 55% of enterprises use 25 or more cybersecurity tools. When need and available solutions outstrip budget and attention spans, getting in a features fight with direct competitors won’t cut it. Your job is to position yourself as a top-tier priority for de-risking the enterprise. To claw your way to the top of the CISO’s investment list, tell them something they don’t know. How does your company/solution highlight and address risks the CISO isn’t fully appreciating? Help prioritize need and further investment decisions? Help make current tools and systems more effective?

2. The stakes are high, so aim for the heart as well as the head.
Security breaches can create an existential crisis, which raises the buyer’s emotional investment in vendor decisions. In fact, a Google/CEB study of 3,000 B2B buyers showed that across the board B2B buyers are more emotionally connected to business brands than consumer brands. This makes sense when you consider the stakes: making the wrong call on an ERP platform, or the software that keeps it secure, can cost your buyer credibility, support, and even their job. The same study finds that speaking to these personal stakes means you are twice as likely to make the consideration set. Consider these questions as you develop your message: How can you help the security decision-maker boost standing with colleagues on the business side? Arm them with the confidence to assess risk and readiness for the executive team and the board? Build their network and visibility with peers outside the company?

3. Fear gets attention, but opportunity can drive purchase behavior.
For the 25 years we’ve worked in the security category, brand messaging has existed on a continuum of fear and business enablement. Fear is over-indexed in security marketing. As one CISO we interviewed put it, “Don’t bother scaring me. I’m already scared. I’m much more interested in how you can solve my problems.” We know from research in other categories such as healthcare and financial services that fear-based messaging can overwhelm and paralyze. Giving people hope and providing answers drives action. Better security can enable a lot of things: unleashing staff capacity, reducing friction with partners, building trust among consumers, opening up more confident pursuit of market opportunities. All of these are valuable, motivating arguments for why you matter to the buyer.

4. The strongest brand stories are about market change. 
In change-driven markets like cybersecurity, buyer readiness lags behind the evolving challenges and vendor innovation. The most effective positioning helps buyers find opportunity in market change. The change we’re talking about is bigger than shifting perceptions of your brand. Can you disrupt the buying process? Just one example: the move from core to edge—for computing, for critical data, for user autonomy—should be reshaping buying criteria across every security purchase. Can you reframe category conversations? Big brands tend to control the category narrative. The world’s largest software companies (think Microsoft, Salesforce, and SAP) increasingly make the case that their embedded security is good enough. Independent cybersecurity brands have a vested interest in making the case that best-of-breed solutions will better protect and enable the enterprise. Change can even rise to the level of shaping category culture. One big cultural shift happening across security is moving away from a pure protection/lock-down mindset to building a more resilient enterprise.

Whatever change you choose, it will help you avoid internally-based claims to build a brand position that is based on critical buyer needs and therefore inherently worthy of attention.

5. Don’t be afraid to go big – keeping our online lives safe is an everyday concern in the culture.
Internet safety is one of the central issues of our time. In our personal and professional lives, our well-being depends on keeping private data private, keeping digital transactions free from fraud, and keeping the code that is behind everything—from our automobiles to Zoom—secure from hackers.  Anyone marketing in cybersecurity has permission to tap into these big issues. Think about the stakes for your customers—and their end consumers. These are the veins to mine that will keep your company resonant, and will earn you the right to make the case for why your solution is relevant.

5.5 Don’t try to position—or sell—to everyone.
This is my shortest point, but it may be the most important. Once you’ve defined the change you want to make (#4), market to the CISOs who see themselves as change agents. Across B2B tech categories, the 80/20 rule holds. There are 20% of buyers who are willing to go beyond big brands and category conventions. Those are the buyers who will see the value in your solution. You don’t need the safe middle to make your market—those folks will come later once you’ve established your value.

The advantages of a truly distinctive brand story are waiting. 
Starting with a great story helps you break through a cluttered market and starved attention spans. But it also makes the rest of your marketing come alive and cohere into a single voice. A COVID silver lining is that it forces a reset on the assumptions that guide the way we work. We’re all a little more open-minded now—all of us as marketers, and the buyers we’re trying to reach. Now is the time to tell a better story. It’s one investment that not only will make your downstream marketing better, but as the Sirius research says, will help you sell.

Want to see how these best practices apply to your cybersecurity brand?
We have the experience and framework that gets you to a great story fast. Send me an email at —we’ll schedule a quick-cut workshop where we apply our framework to you.