In a recent SafetyDetectives interview, we chatted with Joe Pettit, Director at Bora Design, a leading cybersecurity marketing agency. Joe shares his insights into the unique challenges and strategies of marketing within the cybersecurity sector.
He discusses how Bora Design stands out by leveraging their industry-specific expertise and deep understanding of their clients’ needs. We also explore emerging trends like the use of AI in marketing and the growing importance of video content.
Joe highlights common misconceptions companies have about marketing cybersecurity products and offers advice on how to navigate these pitfalls.
Can you share a bit about your background and role at Bora Design? How did you get involved in the field of marketing for the cybersecurity sector?
Bora is a cybersecurity marketing agency. My role within the company as Director is to help manage the administration and day-to-day operations of the business.
I am also heavily involved with client relationships. I work directly with many clients, helping the team deliver on projects of all sizes and scope. I’m also responsible for building new business, cultivating relationships in the industry, and ultimately making Bora as successful as possible.
Bora was formed nearly 14 years ago through a casual interaction with David Turner, who was working on RSA conference. David was composing a marketing campaign that was coming to an end. He wanted to set up an independent cybersecurity publication. I didn’t have much experience as my background was in marketing and business and I didn’t have any experience in cybersecurity, Also, back then, the field of cybersecurity was still quite immature in its development.
We set up the publication, and from there, it helped us grow Bora to what it is now. We established lots of great relationships in the industry. We worked with different public relations agencies, thought leaders, and people who were active on platforms like Twitter and LinkedIn. The business grew from there. Over the years, we attracted more clients and developed the business to where it is now.
Can you talk a little bit about what sets Bora apart in the industry?
The main factor that sets us apart is that we are dedicated to cybersecurity marketing. We don’t work in any other industries. There is crossover with privacy, and we’re starting to see more AI-related topics now, but our focus remains with the cybersecurity aspects of these subjects.
Some areas where we differentiate from the others are:
- Industry Understanding and Expertise: When I speak to new clients, and they are evaluating different agencies, one of the things they really like is that we understand the industry and have experience in it. It’s important because you can’t just pretend that cybersecurity is like retail or any other industry; they are very different.
- Combined Expertise: We have marketing experts within the team, as you would expect from a marketing agency. But we also have cybersecurity experts who have worked in the industry who understand both the technical aspects, compliance requirements, and regulations in a way that many other agencies can’t.
- Content Marketing Strength: We provide a lot of content marketing, and we have a strong network of writers with diverse backgrounds. We have security professionals who have been in the industry their whole lives and now write full-time. We also have writers with journalistic backgrounds who understand how to write news-related content. Additionally, we work with freelancers who specialize in specific areas, like API security, to provide expert content.
- Networking and Relationships: One thing that sets us apart is our ability to network and build relationships. For example, if a client needs help creating a webinar and wants the insight of a healthcare CISO or CTO, we can use our network to connect these people. We build ongoing relationships, creating opportunities for ebooks, white papers, webinars, and blog contributions.
- Understanding Industry Nuances: Typical marketing agencies might push social media advertising heavily, but we understand that cybersecurity professionals view things differently. They are cautious about clicking links and using URL shorteners because that’s what cybercriminals do. We know that most cybersecurity professionals prefer LinkedIn over Facebook due to privacy concerns. This understanding of industry nuances helps us gain a competitive advantage.
In your opinion, what are the most significant challenges facing businesses when it comes to marketing cybersecurity solutions effectively?
The biggest challenge we’re seeing now, and have seen over the last 18 months, is budgets. It’s a challenge for marketing teams and businesses in general. People are always expected to do more with less; that’s just a continuous evolution. So, when budgets are cut, an organization has to prioritize what gets cut first, and they have to be judicious about where to spend their marketing budget moving forward.
When the pandemic first hit, and in-person events were halted, it gave people a bit of a shakeup. For example, the cost of attending some events can be astronomical. You have to hire the space for the booth, set up the booth, cover the cost of going to the location, and pay for sponsorships. For a medium-sized business, this is a huge investment. They have to calculate if they will realize a good return on the investment. Understanding where to spend your marketing budget is really important.
This leads to the attribution side of things. How do you measure the success of attending a large event? Five to ten years ago, people would scan an attendee’s admission badge, aiming for a specific number of scans. But when you look at those scans, they often end up being students or other vendors who just want some free swag. If an organization measures success using only the scan metrics, it might seem like a successful event, but they are not cultivating the best business relationships.
You can apply this concept to any part of marketing. If you’re providing email marketing campaigns, do you have the tools and resources to measure the results and success? If you have budgets for events, email marketing, and social media advertising, and one of these elements works better than the others, you might want to focus more on that. If you can’t measure that, how can you know where to invest?
Another challenge is trying to stand out from the crowd. There are lots of vendors, and more are emerging all the time. It’s a big industry now. What differentiates your product from the others? That’s a huge challenge because you have to be creative. I’ve seen lots of companies copying each other, with very similar names and approaches. When I speak to company representatives and Chief Marketing Officers, this seems to be a big challenge at the moment.
What are some common misconceptions that companies might have about marketing their cybersecurity products or services, and how do you address them?
I’ve come across people who think that “ambulance chasing” is good. What I mean by that is when something happens, like a news-related event or a data breach, they believe that talking about those incidents is a good way to get their name out there. They think that piggybacking on someone else’s misfortunes and discussing how their technology could have prevented it is beneficial. I believe that’s a very dangerous approach for several reasons.
One reason is that people often make assumptions about the details of what happened, and the media doesn’t know every bit of detail.
Secondly, no matter the size of your business, you should treat every business out there as a potential client. If you start piggybacking on data breaches of particular companies and their PR teams see that, in two or three years when you’re growing and approach them, they might remember what you wrote about them and reject you. You have to be very careful about how you report sensitive topics. It’s okay to highlight incidents, especially if they are factually correct and the PR or communications team has released a statement. But you must tread very carefully.
Another misconception is that buzzwords are good. I see so many buzzwords and acronyms in this industry. Sometimes the same acronym stands for different things, like SCM, which can mean Security Configuration Management or Supply Chain Management. People interchange these terms. When companies use phrases like “single pane of glass” or “best in class solutions,” it doesn’t resonate with the prospective client as they think it does. Security professionals see right through that. You need to communicate in a sincere, honest, and straightforward way so people understand what you do. Buzzwords are definitely bad and can be misleading.
Lastly, some people believe it’s okay to publicly speak badly about the competition. I’ve seen companies create pages comparing their products to competitors, highlighting their own great features and being very harsh against the competition. At Bora, we don’t think that’s the right way of doing things. You shouldn’t push negative comments about competitors publicly. Focus on what you do right and push that message instead. When security professionals see companies bashing competitors on their websites or social posts, they might question if those are the kind of people they want to work with. You might get some short-term success, but long-term, it sets you up for failure.
With the rapid advancements in technology and evolving cyber threats, what emerging trends do you see shaping marketing strategies for cybersecurity firms in the near future?
There’s one trend that really stands out and is on everyone’s mind: Artificial Intelligence. AI is definitely shaping how people are executing marketing right now. While it’s the number one thing that people need to think about, and it should definitely not be ignored, there’s a time and a place for it. At Bora, we are seeing some companies trying to use AI to generate their own content, like creating blog posts and advertisements. That’s very dangerous to do right now. We are in the infancy of AI, and it’s going to improve and get better. But you also have to consider the knock-on effect. Some technology companies are offering AI tools because they want people to search using that tool, and that’s how they generate a lot of revenue from pay-per-click and other and advertising. They don’t want people generating content from other AI providers. As a bold prediction, I foresee companies starting to penalize AI content that is generated from other sites.
It doesn’t mean you shouldn’t use AI. I think it’s great for coming up with ideas, titles, and even doing some research, as long as you can verify where those sources come from. But you have to tread very carefully with AI. Use it, but know there’s a place for it. I wouldn’t create content with it right now, but let’s see how that develops. I see that as one of the emerging trends.
Another trend, though not entirely new, is the increasing use of video. AI tools are also impacting this area, but more companies are turning to video because consumers spend a lot of time on video-based platforms. While security professionals might not use these platforms as much, the next generation coming through will be using more video. In regions like Southeast Asia, short video content is very popular. More marketing teams will start creating more video content and try to be more creative with it.
The other trend we at Bora see happening more in the cybersecurity sector, rather than marketing specifically, is vendor consolidation due to budget constraints. People are being told to do more with less. Companies with different solutions want their clients to use their company for multiple solutions. Marketers have to become more creative in how they cross-sell and position that messaging.
Many security experts prefer to use many vendors as a way to avoid a vulnerability affecting a single vendor. They believe that if there is a data breach or a zero-day vulnerability, having all tools from one vendor could be detrimental. The principle of defense-in-depth is not about diverse vendors, it is about diverse protections. Historically the attacks against a vendor’s product has not impacted the entire product line. Using a single vendor for most of your security could be cost-saving and offer better integrations while maintaining defense-in-depth. It’s important for marketing teams to meet this challenge by emphasizing this messaging.
Our interview with Joe gave us great insights into some of the challenges of cybersecurity marketing, as well as some key considerations for those seeking a marketing company. To find out more about Bora, visit them here.