How do you sell risk?

Posted by Matt Culbertson on Jun 14, 2018 9:17:01 AM
Find me on:

It’s a Silicon Valley* refrain: Risk is better than regret. But does that motto sell?

Consumer brands seem to struggle with advertising risk management, and what that means for your personal or brand identity. Allstate Insurance’s “Grounded” commercial explains their accident forgiveness offering by appealing to family dynamics (link). Meanwhile, their popular “Mayhem” series aims to personify risk in the form of a bandaged, fast-talking disheveled suit-and-tie spokesman who looks as if he was just in a bar fight. 

When selling cybersecurity products to enterprise brands, the stakes are high: think Equifax, Yahoo, Home Depot, Sony, Target, or the U.S. Federal Government (or state, or local). Risk is about identity: who has the keys to the company castle? Consumer brands struggle with explaining the importance of identity, too: LifeLock tries to inject humor (see: “Bank” TV spot). Your identity isn’t just your company, or personal brand. It’s the very essence of everything you touch, from your credit cards, to your Facebook page, to your company servers. 

In the entire universe of tech vendors, cybersecurity product offerings seem on their face to be the ultimate risk management sale. Your security is almost always tied to your brand, and your brand is your identity - whether external facing (brand awareness) or internal (who is inside your company data - is it you?). As they say, identity is the new perimeter: neglect identity-based access at your own peril. 

At least in theory, convincing a prospective customer how much your solution fixes their problem should be straightforward, given the widespread public awareness of cybersecurity hygiene (though the reality isn’t so simple). “It’s not if you get hacked, it’s when.” “There's no excuse for computer misuse.” “Don't let your trash become someone else's treasure.” “If you suspect deceit, hit DELETE.” The list goes on. How often is this messaging resonating with target buyers? 

The answer: it’s resonating on the dark web. Your SSN is sold for as low as $1 on the Dark Web, per Experian’s April 2018 data. Your credit card number is as low as $5. Your passport might fetch $1,000. Try putting a price on your identity, your risk preference, and ultimately, the very survival of your organization. Perhaps not shockingly, 60 percent of small businesses that suffer from a hack go out of business within six months. 

I’ve just started with Preempt’s marketing team, and I couldn’t be more excited. After a 10-day trip between jobs across Colombia, risk management has been on my mind - personally and professionally. Managing risk is as simple as keeping a first aid kit, water and jumper cables in your car, or as complex as what type of fraud alerts to configure, what type of traveler’s insurance to buy, and whether to register your trip with the U.S. State Department - even if it’s just for their travel alerts. On the identity front, I had enough trouble withdrawing from ATMs in Bogota, Cartagena, Medellin and elsewhere that I wonder if I should thank the banks for being so discerning, or ask whether their identity verification and fraud prevention practices are up to speed.

For the enterprise cybersecurity sales cycle, the buying process is as complex as it is cliche: “you’ll lose your job if you are negligent and get hacked, our solution will help you keep your job.” “You’ll be rewarded for reducing your organization’s exposure to breaches, our offering will improve your chances of a performance bonus.” “Your team is overloaded with security alerts, our offering will improve morale, retention, and ability to respond to real, tangible threats.” And of course, “How would your CEO feel if someone stole their identity?”

In the end, risk is everywhere, at some level risk is the personification of business, and perhaps more than that. Cybersecurity is risk management, but so is supply chain analytics, or healthcare IT, or automotive maintenance, or hospitality, or venture capital. Cybersecurity is your brand, and your brand is your identity - personally, professionally, or organization-wide. Cybersecurity marketers might just have it a bit easier because with every hack, there’s quite often a very obvious scapegoat. Meanwhile, a company’s failing stock price can often be attributed to a dance between shareholders, the board, the management, the company culture, et al.

At Preempt - whether we’re blogging, selling, or building products, the goal isn’t to over-sell you on risk, it’s to problem solve and, yes, make the world better. (Download our Insider Threat whitepaper and learn more!) I’m looking forward to the journey and excited to join this team. A special shout-out to the Preempt team for an excellent onboarding and an exciting pipeline of product news, company achievement and happy customers. 

*Silicon Valley takes credit for a lot of things. For this maxim, consider looking up decision theory rather than Bay Area techie ethos. 

Topics: Risk, Identity, Informaton Security