Reaching the Cybersecurity buyer – who and where are they?

Kevin Savage

11 September 2019

Kevin Savage

The number of unique cybersecurity incidents grew 27% from 2017 to 2018, dominated by attacks on corporate infrastructure (49%) and websites (26%), according to a study from Positive Technologies[1].

Separately, the ICO recently announced two very substantial fines for failure to protect data from malicious actors, although both British Airways (£183 million)[2] and Marriott International (£99 million)[3] intend to appeal these fines.

So IT security is an ever-growing challenge for organisations of all sizes, and the cost of failure to protect those assets is also increasing.

Which means life must be easy for anyone selling cybersecurity solutions, right? If only it were that simple.

One of the main challenges for cybersecurity vendors is finding the right person to sell to. Does an organisation have a dedicated security function, is it part of another role, has it been outsourced, or does it even exist at all?

Recent research from Rhetorik found that only one quarter of head office sites (26%) have a dedicated security function on site.

A further one in three have the security function as part of another role, and this holds true for small sites with fewer than 50 employees all the way through to the largest with more than 1,000 employees.

Why? One reason may be the difficulty firms face in recruiting to IT security roles, as the past 3 years have seen ever-increasing cybersecurity skills shortages[4]. These shortages are now affecting nearly three quarters (74 percent) of organizations, as revealed in a global study of cybersecurity professionals by the Information Systems Security Association (ISSA) and independent industry analyst firm Enterprise Strategy Group (ESG).

What does this mean if you are selling cybersecurity, and how can Rhetorik help?

Firstly, focusing only on IT security professionals is a mistake, as you will be missing out on the one in three organisations that don’t have one.

Secondly, assuming every head office has an IT security function on site is also a mistake. Around a quarter of them don’t have the security function on site, so make sure you reach those security buyers based elsewhere.

Finally, Rhetorik’s NetFinder database can help with all of these challenges.

We have data on more than 45,000 sites across the UK and Ireland, of which around 40% are head office sites – so we cover head office and other sites.

We have IT security professionals and IT decision-makers – so we cover the specialists and the ones covering the function as part of a broader role.

And we have more than half a million data points on technologies present at those sites – so we can help you identify and prioritise where to focus your efforts.

What challenges do you face in reaching cybersecurity buyers?

[1] Positive Technologies – Cybersecurity threatscape 2018
[2] ICO – Intention to fine British Airways
[3] ICO – Intention to fine Marriott International, Inc
[4] ISSA & ESG – Cyber security skills shortages