How Cybersecurity Companies Can Become Trusted Partners

Critical Insight CEO. Mission-driven to defend life-saving services from cyberattacks.

In the cybersecurity business, I am seeing leaders muddle their core promises to customers with a relentless pursuit of complex features and underlying capabilities.

This struggle is nothing new. In the 1980s, the competition over features resulted in the “ultimate programmable VCR” at the complete expense of usability. The desire to watch and record videos at home was taken over by a myriad of ways to program recordings and playback. The result was long, poorly written manuals that left most parents asking their kids for help.

Certainly, great brands are supported by brand pillars. A core promise is supported by the illustration of real reasons to believe. But if brand pillars become heavy weights to bear, they destroy the message. They destroy the core promise.

As IT leaders look at cybersecurity offerings today, they see a proliferation of acronyms, deep technical claims and broad feature sets that leave the average leader wondering where to start and what to believe: CSPM, UEBA, Zero Trust, Cloud Native, Open XDR and so on. These are important concepts, no doubt, but they are ultimately tools to an end. A how-to guide on any of these concepts would create a manual deeper than any 1980s programmable VCR.

To resolve this confusion, brands try to sum up a long list of technical claims with oversimplified, unbelievable umbrella promises. They make claims such as being “leaders” or “number one.” They claim their solution offers “absolutely complete protection” or will make an organization “100% secure.” Customers know these are exaggerated, impossible claims. While they create a broad cover under which an infinite number of technical claims can be made, they fail to provide a core promise the customer can understand or believe.

From my conversations with IT leaders, I’ve learned that, instead of big claims, cybersecurity customers want a trusted partner. They want results. They want to get back to focusing on their core business. They want to know if cybersecurity risk is being managed by experts as an ongoing security journey.

They don’t want a thousand acronyms. They also don’t want fluffy, unbelievable promises.

A security journey is complex, undoubtedly. Layered security controls require technology and deep subject matter expertise. Any “trusted partner” needs to demonstrate this depth of capabilities. But importantly, these capabilities cannot detract from the core promise. In cybersecurity, a “trusted partner” is one that has great service first and great underlying technologies second.

Great brands have a core promise that is not lost in the details. Brands in cybersecurity must find ways to create “reasons to believe” (RTBs) by exposing underlying capabilities and expertise without letting these RTBs take over the core brand promise.

Yes, in the 1980s, many brands sold programmable VCRs. Yes, today, many brands are selling cybersecurity gadgetry. But ultimately, even in the 1980s, didn’t we really just want to watch videos and shows? Isn’t streaming video from a simple remote control so much better? In cybersecurity, today, don’t we really want a trusted partner that can provide ongoing guidance and services rather than an endless self-help menu of acronyms?

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?

Comments are closed.