Tech Marketing

Cybersecurity Buyers Report Part 2

Article Summary

The ActualTech Media Cybersecurity Buyers Report, in collaboration with the Cybersecurity Marketing Society, reveals key insights for marketers from a survey of 327 U.S. cybersecurity professionals. It emphasizes the importance of proactive risk reduction, regulatory compliance, outsourcing benefits, and trust-building in marketing strategies, while identifying growth opportunities in areas like penetration testing.

In our ongoing Cybersecurity Buyers Blog Series, ActualTech Media, in collaboration with the Cybersecurity Marketing Society, continues to unveil key insights. Following our initial exploration in the series, which you can find here, where we laid the groundwork for understanding the cybersecurity landscape, we now present the second part of the Cybersecurity Buyers Report. This report and series aim to answer the most pressing questions faced by cybersecurity marketers. We've compiled a comprehensive report and are offering our audience insightful information along with complementary access to the full report.

In late 2023, ActualTech Media surveyed a group of cybersecurity professionals and decision-makers. Our objective was to assess the size, state, and sophistication of their cybersecurity programs. We examined their top technology priorities, including their most pressing threat concerns and IT-centric business goals. Our investigation also covered the elements of their security stack currently outsourced and future outsourcing plans. We delved into their purchasing processes, vendor selection criteria, proof-of-concept issues, and budgeting timelines. Our findings also shed light on the marketing channels and modalities they find most valuable.

Join us as we dive into the detailed findings of the ActualTech Cybersecurity Buyers Report!

Drivers and Pains for Action

Messaging that focuses on risk reduction could be effective. Focus on how your solution helps you be “proactive” or “one-step ahead” of risk.

What are your primary motivators for engaging in a new solution purchase?

On a related point, you could reinforce this by using the “Incident” group shown here. For example: “42.3% of new security solutions are purchased as a result of an incident. Don’t let that be you. Purchase proactively now.”

Content assets or lead magnets that focus on “how to cover gaps” in security coverage could
be effective.

  • Outdated technology refreshes: Could you help swing interest your way with “buy-back” or trade-in programs of some sort? This isn’t limited just to hardware refreshes, a software “buy-back” program in the form of a discount or credit would also take advantage of this cycle.

If prospects are investing or replacing solutions due to new regulatory requirements, can you explain how your solution helps them become compliant?

If your solution helps prospect organizations comply with several regulatory requirements, consider creating solution landing pages with content that address each one of those areas. One landing or product page alone might not be specific enough to frame your value proposition.

  • Side idea: Insurance requirements that prospects are facing could be an angle for pitch. Example: How your solution can help them stay compliant with the requirements in their cyber insurance policy.

MSPs and firms that facilitate outsourcing of cybersecurity services will benefit from understanding what leads prospects to the decision to outsource.

What are the primary reasons you would engage with a managed service provider vs. managing a solution in-house?

Resourcing advantages and expertise gains are the biggest motivators to outsourcing a solution as shown here. Focus your messaging around those two areas. Don’t focus exclusively on cost savings- cost savings is a factor but not a leading driver.

It’s true, there will always be the bargain shoppers, but overall, people are outsourcing to get your skills and your availability, not to save money.

Further on resourcing advantages, the need for 24x7x365 SLAs that can’t be delivered internally alone is driving outsourcing. Marketers can map out what that kind of newly available resourcing would mean to the business and make the infosec team scale more effectively.

  • Reducing busywork to allow for more strategic focus: think about messaging that speaks to the newfound freedom available to previously overburdened internal resources. Example: “what could you accomplish with these tasks off your plate?”
  • Expertise: This likely ties to compliance requirements and may represent an opportunity to message how you can help prospects achieve compliance via outsourcing or managed services.

Messaging around how they “can’t be expected to keep up with everything, let us help” could resonate.

A focus on trust in messaging is important. Prospects are giving you access to their environment at a critical level – everything about your brand should convey that you not only have the expertise to help but they can trust you.

Example: Think social proof, certifications, industry partnerships—“these big partners work with us, we’re trustworthy just like them.”

If you handle one of the least-outsourced areas, there’s a huge amount of headroom to grow your practice area. In fact, all these areas shown have room for growth.

Current vs. Future Cybersecurity Outsourcing

  • Note: the “other” category shown might as well have been relabeled as “Penetration testing” – this was almost universally the “other” answer entered via an open text field option at 17%.

Is That It?

This is just the second article in this series. You can download the full report here. In the next article we will take a closer look at cybersecurity buying process and behavior.


Respondent Details & Disclaimer

For this report, ActualTech surveyed 327 senior cybersecurity professionals and decision makers at organizations of all sizes who have dedicated cybersecurity teams in the United States. Respondents were CISOs, Directors and Managers of Information Security, Data Privacy Officers, Senior Cybersecurity Analysts and similar roles. While all organization sizes were surveyed, the data shown in the charts in Part 1 was filtered for companies of 500 employees or more. Data from organizations below 500 employees is included in the Appendix. The questions were developed in consultation with the Cybersecurity Marketing Society. The results and insights for these survey areas are included in Part two of this report. Cybersecurity marketers can use these data points (and the surrounding takeaways) to better their align product positioning and messaging with real-world customer requirements.

While ActualTech Media is not a professional research firm, our access to the minds and trust of the cybersecurity professionals and decision makers in our audience uniquely positions us to gather answers to questions that other firms may not be able to procure, and then present that data through a marketing lens.  It’s our hope that this report makes your job as a cybersecurity marketer more data-informed and intentional.