Jumping on the bandwagon, yay or nay for cyber security brands?

How do cyber security brands react to incidents like "WannaCry?"

In the wake of the massive WannaCry ransomware attack, one would think that cyber security salespeople were rubbing their hands in glee with the potential of customers banging their doors down.

Yet during such large-scale global incidents, do cyber security brands see value in jumping on the bandwagon with marketing messages around it? The answer appears to be a resounding no, despite their consumer brands counterparts doing it all the time.

“It's not about jumping on the bandwagon, but about being a trusted advisor when customers and partners need you most. Major developments like WannaCry are part of an ongoing marketing and business strategy,” said Vitor De Souza, senior vice president, global marketing, FireEye.

“To be a trusted security brand, you need to be there for customers and partners during challenging times like that,” he added.

Debjani Gupta, communications lead, Asia Pacific, RSA, concurs, emphasising on prioritising a business reponse rather than a marketing one.

“As a marketer of a cyber security solutions company, there is always a strong tendency to jump on the bandwagon to push out marketing messages in times of cyber-attacks,” said Debjani.

“However, RSA has always focused on providing customers with business-driven security solutions, thereby helping them comprehensively and rapidly link security incidents with business context to respond effectively and protect what matters most,” she added.

For Brendan Leitch, head of marketing, Asia Pacific, Ixia, not jumping on the bandwagon shows a brand’s maturity and pedigree.

“There is generally not an isolated urge to jump on the security bandwagon for no apparent reasons. Companies with a true security pedigree and relevance to an organization’s cyber security see it as essential to provide guidance when these unfortunate incidents break out and continue to be a trusted advisor,” said Leitch.

“Internally at Ixia, it is not seen as an opportunity as much as it is seen as a responsibility to provide guidance at times like these to those who always to look to us for it,” he added.

If it ain’t broke...

Cyber security remains as a sector that if things are going well, people ignore it, but when things start going downhill, a million questions are raised immediately. The temptation then to use fear marketing to generate leads outside of a major incident can be high, but the cyber security brands abstain from doing so.

“Today's cyber security challenges create enough fear on their own, so I don’t think vendors need to stoke those fears further. Marketing should be about how you want customers to know you and what you represent to them. We want our customers and partners to be confident that we are on their side and we are there to help,” said FireEye’s De Souza.

For RSA, it is about delivering positive customer experiences rather than utilise fear in their marketing messages.

“We understand it is our responsibility to consistently educate customers and the ecosystem on the new and emerging cyber threats and advise them on risk mitigation methods,” said RSA’s Debjani.

Ixia claimed that lead generation is not an issue between major incidents.

“Security professionals and executives in more sophisticated enterprises and government departments are looking at security constantly and planning upgrades and projects to enhance cyber security as much as possible regardless of large cyber events. As a result of this, normal awareness and demand generation marketing that provides enterprises with solutions they need, is keeping a constant flow of steady new deals,” said Ixia’s Leitch.

“Ixia does see some increased interest after major attacks, but this is from non-sophisticated enterprises and does not materially change the number of leads in a short period of time. It increases the awareness and number of leads and deals that come in over a longer horizon of 6-12 months as businesses plan changes,” he added.

Change of plans

While cyber security brands might not jump on the bandwagon of such international incidents, does it affect their marketing plans for the year? The answers appear to be mixed, with some holding steadfast to their strategy for the year, while others appear more flexible in responding to incidents.

“Some marketing activities that take place after the incident to ensure there is clear communication to customers, partners and prospects. We also plan for moments like this, because it's the new reality. We want to be sure that when major developments occur, we take steps to educate key audiences to provide our point of view and any fixes or other support. We don't want to be part of the noise. We take a very targeted approach,” said FireEye’s De Souza.

“Our marketing strategy and plans evolve alongside with the cyber threat landscape where we put our customers first and ensure they are always up-to-date on the latest business-driven security solutions to help improve their decision-making in their security strategies,” said RSA’s Debjani.

“While we continue with planned communication and campaigns for the year, we do not ignore such major cyber incidents. RSA runs campaigns to educate customers and partners on these incidents and its aftermath,” she added.

Only Ixia claimed to remain faithful to their marketing plans and strategy for the year despite such incidents.

“Ixia promotes awareness and drives lead generation activities throughout the year on relevant security solutions for our potential customers. One change that is happening at Ixia is the need to make responses faster when our customers need them and expect them. This is crucial to ensuring our security brand remains exactly that with those who trust us,” said Ixia’s Leitch.

As cyber security incidents increase with more and more of the world going online, cyber security brands are looking to be more proactive with their marketing.

“We have a front seat view into what's happening in the world, and new developments like this strike frequently. We plan ahead for big incidents like this. We know how to react to big moments like this because we've been expecting it,” said FireEye’s De Souza.

“We want to help our key audiences first. We want to provide fixes and genuine insight so we aren't part of the noise,” he added.

“Incidents such as “WannaCry” provide Ixia with an opportunity to be more pro-active as opposed to reactive. Potential customers are more receptive to learning about security architectures, preparedness, and solutions,” said Ixia’s Leitch.

“With this, Ixia gets more interest in all of our promotional materials both from inbound perspective and outbound perspective with emails and events,” he added.