All you ever wanted to know about research-led marketing in cybersecurity
What is research-based marketing? What purpose does it serve in helping you sell your product or service? When do you shift from research to the hard sell, if at all?
Research-based marketing in cybersecurity is, in some ways, just as it sounds: it is a campaign based on technical and threat-related research.
Its value lies in building credibility around your company’s capabilities and establishing trust via a no-strings-attached sharing of intelligence.
It should show that you are a market leader who understands the intricacies of the threat landscape and can assess and defend against the risks it poses.
Some of our favourite examples
Where do we start? The Mandiant report on APT1’s targeting of intellectual property set an incredibly high bar when it came out eight years ago. The Bellingcat exposé that reported Russia’s APT28 attack on Angela Merkel left the reader in no doubt that Putin tried to compromise Germany.
Reoccurring publications, such as Verizon’s Data Breach Report, have become the industry’s go-to for a historic view of the threat landscape, whilst the IBM’s annual Cost of a Data Breach study demonstrates the true cost of cyberattacks across the world.
How is research-based marketing used to greatest effect?
It is best used early in the marketing and sales cycle, introducing potential customers to the problem space you address and your ability to understand their specific security and business needs.
In its most powerful form, it demonstrates that there are humans beings behind every attack, each with different motivations and methods. This opens up conversations about who might target your potential customer and why, as well as about the defense techniques that should be deployed.
Where do I start to learn about this area?
On social media. Twitter is a great way to find communities of security researchers. You can get a gauge of how well competitors’ research has gone down based on retweets and links.
Some of the major security vendors regularly publish solid streams of content. Sophos, Carbon Black and CrowkStrike are good for more technical pieces, while Krebs and other security news sites are good for more generalist knowledge.
Because it’s so broad, try to pick something that you’re interested in (or, what your customers are interested in) and focus on that.
What not to do:
1. Force connections
From a marketing perspective, the research you do can (and should) link up with what some of your customers or prospects want.
However, it’s relatively rare that research a consultant has done can easily line up with the customer narrative. However, it is still beneficial to publish and leverage your research to illustrate your company’s strong research culture.
In our experience, the best way for marketing to best leverage research is to form close alliances with internal research teams: know what’s in the works and when it will be ready, what problem that research is trying to solve, and who will best benefit from the intelligence it shares.
2. Jump on someone else’s breach
We’ve all seen it – a breach hits the headlines and a number of companies jump onto the ‘if they’d used our product’ line or feed into the FUD. Not only is this unhelpful and in most cases untrue, it belies that behind the breach is a security team that is working flat out to save their jobs.
Also, it makes you look like a jerk.
3. Publish for the sake of it
Only make some noise when you have something to say. We’ve seen more than enough examples of vulnerabilities that weren’t actual vulnerabilities and breaches that weren’t actually breaches. All this does is dilute the brand and its credibility.
4. Talk about your product
We know the shift from theory to practice has to happen eventually, but your research-based campaign is not the place. Make your objectives clear from the start: these campaigns should be about building trust and credibility in the market. When you do make that shift, we recommend that any campaigns around your product or service must be framed from the customer’s point of view to be truly effective.
Want to know more? Listen to our podcast, An Intro to Research-led Marketing, to listen to our chat with two of the most knowledgable cybersecurity stalwarts – Peter Cohen from HolistiCyber and Matt Lewis from NCC Group.