H1 2022 cybersecurity product-driven growth market map – Marketingwithanoy

Product-driven growth is one of the most discussed topics in the startup world, as the market capitalization of public companies using the growth tactic has soared in recent years.

It’s no different in the cybersecurity space. Why? To find out, I analyzed over 800 products from more than 600 suppliers using information from open sources including Google, Gartner, CB Insights and startup/supplier lists from various sources.

The focus was on security products, not service providers, except for companies that have “manufactured” their services, ie offered them as a package of products, transparently priced per user, with the option to sign up online, etc.

Of the 824 products tested, 151 can be described as product-driven.

The map below summarizes the state of product-driven growth in the cybersecurity industry.

Image Credits: Ross Haleuk

The categories are deliberately broad; below explains what was included in each category. Some companies have product offerings that fall under multiple categories; I have tried to display it on the map as well.

The companies listed here are at different levels of PLG maturity: while some have pursued the product-driven growth strategy since the beginning, others have made a turnaround or are still in the process of making a pivot from sales-oriented to PLG.

Companies that do not embrace ideas of openness and transparency will be driven out of the market.

Trends that determine the adoption of PLG

What drives cybersecurity companies to drive product-driven growth? I have observed several PLG related cybersecurity trends while preparing this market map.

Traditional sales channels have become inaccessible to startups

Chief Information Security Officers (CISOs), leadership teams and middle managers have been bombarded with marketing and sales pitch from security vendors. Selling to the highest echelons of security leadership requires a large network, introductions, and a large budget for invite-only events, dinners, and other entertainment.

These top-down product presentations are not only expensive, they are also ineffective. Hundreds of thousands of vendors trying to present security tools and solutions to security leaders can lead to “supplier overload.”

Security startups have limited resources and can’t afford to “wine and eat” CISOs, and they don’t have the brand recognition to cut through the noise of supplier overload. As a result, entrepreneurs are forced to look for new ways to acquire customers that will allow them to build companies with reasonable unit economy and the ability to grow. PLG enables companies to reduce customer acquisition costs, bringing total cost of sales as close to zero as possible, enabling hockey stick growth.

Value is a factor that determines whether a particular segment can be product-oriented

Not all cybersecurity product categories have an equal opportunity to take advantage of the unit economy and the growth potential that PLG enables.

The factors that ultimately determine whether a particular segment can be product driven are how tangible the product value is and how long it takes for a user to fully realize the value of a product in question (“time to value”).

First, the product value must be well defined and easy to understand. In other words, a person using the product should be able to easily tell the difference between “before” and “after”.

Developer-focused products and tools for technical security professionals have a clear advantage here because they solve very specific problems that their users experience, as opposed to segments such as endpoint detection and response (EDR) that sell “security” in the broad sense. Being able to see the product value is not enough; speed is just as important. For example, if it takes months to see that the product has prevented ransomware, it is unlikely that people will upgrade to the paid version after 30 days.

One way to communicate the value of the product is to visualize the metrics that best describe the product. For example, an antivirus program might send a daily notification about the number of viruses removed, while a compliance management tool might provide a dashboard of the number of compliance violations detected during the week.

Developer-centric and consumer collaboration tools are leading the PLG wave

Leave a comment