Cyber Security Marketing Strategies: The Vendor Challenge

One reason that marketing cyber security to potential clients is so difficult is because all companies expect that their vendors should and will be "taking care" of the problem themselves. As a result, businesses don't do a good job of managing the risks involved in sharing data with third-party vendors.

When marketing your cyber security services to prospects and clients, educate them about the risks involved in passing their data to vendors. One of the greatest challenges in crafting cyber security marketing strategies is educating potential customers that cyber risk is not just an IT problem, but actually a business problem.

Your marketing messages should educate prospects and help them understand that cyber security is not only a business problem, but also, more specifically, a vendor management problem.

The Importance of Vendor Security

We know cyber security firms understand the importance of vendor security, but do your prospects?

Especially when working with small- to medium-sized businesses, don't assume that they know or understand all the intricacies that you do. Phrase it to them in a way they can visualize and easily see the impact it has on their business.

Example

No matter how kind and trusting of a person you are, you probably have certain limitations on who can borrow your car. For example, you almost definitely wouldn't lend your car to a stranger who asked to use it in the street one day, or your coworker who was just convicted of his first DUI.

If you have children who use your car, you likely required them to have driving lessons before they could get behind the wheel themselves. You might even only allow your most trusted, long-standing friends to borrow it. By placing limits on who can drive your car, you're limiting the risk that your car will be involved in an accident and the risk that you'll be responsible for paying the costs.

Get everything you need to research and create your most targeted buyer personas.

The same kind of vetting process should apply to companies who trust their data and cyber security credentials to external vendors. Every time that customers' information passes into the hands of a third party, the company needs to understand that it's taking on an additional risk by doing so.

Just like sharing a secret with another person increases the chance that it will be revealed, sharing sensitive information with a third-party vendor increases the chance that it will be exposed in a data breach. For example, the massive Target data breach in 2013, causing the theft of 40 million credit and debit card numbers, was ultimately linked to the use of a third-party vendor's credentials.

Security firm Trustwave likewise found that 63 percent of all data breaches can be attributed to a third-party IT vendor.

Begin From Within

Are you helping your prospects solve all cyber related issues in their business? One of the most commonly overlooked cyber security marketing strategies is to speak to all of the pain points your buyer personas surrounding cyber risk, even if it isn't your primary product or service. So make content that talks to how your persona can address that pain point.

Example

Your clients should be aware that they're always accepting some degree of risk by giving third parties their sensitive data. Before agreeing to contract a vendor, companies concerned about cyber security risks should consider:

• Why is there a need to outsource services or data?
  
  
• What will happen in the event that the vendor experiences a breach?

You know that one of the best ways for companies to protect themselves from third-party data breaches is to take steps to safeguard their own IT systems.

Help your clients understand what they can do to protect themselves. Talk to them about how should implement encryption and multiple levels of authentication for all third-party requests to access their network and data and how employees should receive training about cyber security best practices at the company, including a well-defined policy for IT and data security.

Target Their Questions and Challenges

Really get into the mindset of a potential customer that is struggling with a vendor risk management problem. Maybe the don't know that is what their problem truly is. It is really easy to compare this with people who are searching for information about medical issues. They typically know their symptoms but have no idea what the true cause is.

For a vendor risk management problem, the questions a potential lead may ask about symptoms could be:

• What do I do if a vendor or business partner suffers a breach?
  
  
• How do I evaluate a potential vendor?
  
  
• What should go into a vendor legal agreement?
  
  
• What should my vendor assessment process look like?

Create content that will catch them when they are in the process making vendor agreements, educate them about the cyber security implications and provide them value. Show your knowledge in the area and they will see you as a trusted source of information.

It Comes Down to Education

Depending on your target market, cyber security marketing to certain audiences often involves significant education. Because many prospects believe vendors are responsible for handling the problem, education around vendor management becomes increasingly important.

Knowing your target audience and educating them about the best practices surrounding vendor risk management, will pay off in the form of more informed, more proactive prospective clients.