Today’s tech media landscape has become cluttered with an abundance of information platforms and sources. Where, then, are cybersecurity professionals, C-Suite leaders, and CISOs in particular, turning to for in-depth, trustworthy information?
Merritt Group partnered with T.E.N. to survey CISOs to ascertain the “who,” “where,” and “why” regarding their information-gathering preferences. Full details can be found in the full 2020 Marketing & Selling to the CISO report, but here’s the breakdown of the top four trusted information sources for CISOs:
- Industry Peers
By far, the most common method that CISOs choose to acquire information that feeds buying decisions is through conversations with their industry peers. Whether it’s about receiving information on new cybersecurity vendors and products (64 percent) or just becoming more educated on industry trends (43 percent), our survey results made it abundantly clear that CISOs trust and appreciate their fellow leaders more than any other source of information. Therefore, marketers need to focus the majority of their time and resources on building relationships that will be rewarded with organic, word-of-mouth recommendations. For example, social media offers one easy avenue to nurture relationships. Develop an engagement strategy to identify the platform where the individual(s) you are trying to reach are most active, engage with their content via comments and likes and post your own insights and thoughts to facilitate conversations.
- In-Person Events
So, where do CISOs engage with these industry peers? The most common answer, at least prior to COVID-19, was at in-person events such as dinners and roundtable discussions (38 percent). Our survey validated that CISOs appreciate the interpersonal and intimate settings that these options provide, especially when compared to the more traditional avenues of webinars (15 percent), whitepapers (15 percent) or case studies (13 percent). A top CISO at a network visibility firm even noted that given time constraints, he would much rather talk to peers than join a webinar that’s unlikely to wield actionable results.
However, organizational resources and priorities have been transformed in the new era of social distancing and remote work. By recognizing that there is not a true substitute for in-person events and face-to-face communication, CISOs, vendors, and marketers alike should focus on finding a Plan B, or even Plan C, to build relationships, just in case the new norm of remote work is here to stay. Rather than waiting for life as we know it to resume, consider planning a virtual conference with smaller breakout sessions for in-depth discussion or organizing an exclusive first look demo of a hot new solution. We are closely monitoring shifting mindsets towards virtual conferences and engagement with online networking sites, such as LinkedIn. Our report found that 66 percent of CISOs currently use the networking tool on a regular basis and they are receptive to making new connections.
- Objective Industry Research
Another popular source of information that CISOs rely upon to stay informed on the latest trends is industry research (28 percent), but not all reports are equally respected. Those that really make a difference in CISOs’ decisions are the ones that remain vendor-neutral and objective, rather than pushing a particular product or messaging. Additionally, thought leadership blogs that discuss new threats and/or attacks (53 percent) are often sought after by CISOs striving to keep themselves up-to-date with the constantly-evolving threat landscape.
With this in mind, security marketers should focus on developing research and thought leadership content that speaks to hot button industry trends to capture CISOs’ attention. Ditch the marketing materials and focus on adding real value to industry discussions. Survey industry experts on a challenge you know affect CISOs, explore the ins-and-outs of a recently discovered vulnerability or provide a deeper dive into new tactics ransomware is using to target remote workers. By highlighting issues that matter instead of touting your product, your message won’t fall on deaf ears.
- Security Trade Publications
While major business publications, such as Wall Street Journal, Washington Post and CNN, might reach a much broader audience, security trade publications are actually the most popular among CISOs. Industry trades outlets such as KrebsonSecurity, CSO, and SC Magazine are often much more targeted and detailed in their reporting than traditional business press because it’s all they cover 24×7. CISOs read these publications to gather more technical insights, regularly contribute their own advice, and share their personal experiences with each other.
What information sources are less popular among CISOs? It might be surprising to some security traditionalists, but when compared to our 2018 report, influencers are now less likely than ever before to be sought out by CISOs searching for cybersecurity news, with 60 percent of CISOs not even following them. Though many security marketers opt to invest with popular analyst firms such as Gartner and Forrester, the credibility of an analyst report has dropped significantly over the last few years, and is now relied on by only nine percent of CISOs.
Armed with the knowledge of what is and isn’t working, you can develop an outreach strategy to connect with this hard-to-impress demographic. Whether it’s making your social media debut, identifying strong and trusted industry voices to host a small virtual event on your behalf, or giving your blog and owned content a facelift to better address industry challenges, you now (hopefully) have some ideas on how to improve upon your efforts to reach CISOs and meet their ever-changing needs and priorities.
The full Marketing & Selling to the CISO report can also be downloaded at www.merrittgrp.com/ciso2020-report. To learn how Merritt Group can help you better reach and convert your cybersecurity buyer, contact Michelle Schafer at schafer@merrittgrp.com.