Cybersecurity: Still Not a Profit Center in 2021

What I haven’t seen yet in the inevitable year-end blog predictions of what will happen in the coming year–and it struck me as odd because it seems like someone always has to have it as a bullet point–is that brands can start using their better-than-average security postures as a way to build a tighter bond with their customers. Indeed, those security-savvy consumers are going to be ready to pay more for better security.

Unfortunately, this is mostly hogwash. Except in some very specific instances, consumers don’t actually want to pay a little extra for more cybersecurity. There’s a way in which Amazon gets the business for certain transactions (with international sellers, for instance) because they create a safe market for these transactions, but the main reason people are buying things via Amazon is because the prices are at least as low as anyone else’s, because they deliver things almost faster than you can decide to buy them, and because some of us are just complete suckers for Amazon Prime’s free delivery.

A 2016 report from Cisco interviewed just over a thousand security executives and found almost half of them at least paying lip service to the “competitive advantage” theory:

The underlying report can be found here, but I note in passing that when I went looking for it, I got a stern warning from my browser. I don’t think Cisco is losing any sleep or any business (or even any downloads of their report) over this.

On the other side of the coin, there isn’t a lot of convincing evidence that most companies that undergo publicly reported breaches actually lose all that much business or that many customers as a result.

There are exceptions. There are businesses that got creamed because of breaches. And there are ways in which financial institutions trade directly in customer trust…and this almost certainly spills over into the cybersecurity realm.

But as 69% of Cisco’s recipients rightly put it, security is about managing risk. It’s about keeping the transactions flowing uninterrupted. It’s the cost of doing business, just like accounting or paying for Salesforce.

So, if you’re a security marketer and you’re thinking about everyone’s mid-pandemic heightened awareness of security issues, well, there might be something there. But you’re pushing it too hard if you try to paint your product or service as something that will actually return a profit for your buyer’s investment. That’s just not how security works.