Analysing global revenue opportunities for cyber security companies.


Blog Post

A great cybersecurity product alone does not create success

Kevin Bailey • 3 September 2020

Entering a market without a comprehensive and active Go-To-Market plan will leave you sitting on the edge, watching others succeed.  

The United Kingdom and clusters such as Nordics, BeNeLux and UAE are major geographies in EMEA and often the first port of call for US vendors looking to commit to an international expansion for the first time or to grow horizontally have many factors that make them an attractive choice over other markets.

Perhaps the most obvious benefit is the language factor. Despite the often-repeated witticism that the UK and US are two countries separated by a common language, the fact that both markets conduct business in English (as do UAE, Nordics and BeneLux) saves a huge amount of time and effort.

The lack of a language barrier makes the job of assembling both in-house teams and third-party partners much easier and makes it much more viable to send over staff from the US office if that is your preferred route.

Sharing a common tongue also removes the mammoth task of having to translate your product architecture and marketing and sales assets. Translation can be extremely time consuming, especially if you have a large portfolio of products and services to launch. It’s also especially tricky in the cyber security market, with a long list of technical terms and phrases that have to be translated precisely and acknowledge their relevance or risk becoming nonsense. (You cannot wing-it with Google translate). 

The UK is an extremely open market for cyber vendors, with a high level of demand for security solutions and services and watched by other EMEA countries to see how a vendor performs. The clusters work like a WhatsApp group, sharing experiencing that can make or break a vendors efforts.

In particular, the EU General Data Protection Regulation has spurred further growth in the market as organisations of all shapes and sizes seek to invest in solutions to help them become compliant. Although there are many vertical industry regulations that also need to be adhered too, the EU-GDPR provides a single regulation for conformation unlike US businesses and providers that have to consider hundreds of privacy laws and regulations at state level such as CCPA and the FTC’s privacy framework covering each of the 50 states, 

However, it would be a critical mistake to assume you are the only security vendor planning a move to the UK or one of the clusters– as the vast majority of your competitors will have the same idea. Clear advantages for initial expansion into these countries, as well their own burgeoning local security community, means that these markets are flooded with vendors from around the world. This means that it’s more important than ever that your product/service offering aligns to the specific needs of these markets and the initial unveiling is adjusted to each markets' culture, maturity and preference for engagement. Speaking English alone does not acknowledge market acceptance. 

The challenge of standing out (or at least side-by-side) from the crowd, combined with high cost of failure, means that it is imperative that a vendor is well prepared before entering these markets. There is a lot of groundwork that needs to be completed for a successful go-to-market strategy, and it is vital that it is data-led obtained with qualitative primary and secondary research combined with inclusive internal planning done in advance.

Patience is a virtue that needs to be heeded. A common mistake is for a vendor to enjoy a high degree of success in their home market and come in expecting to replicate the same success in short order. However, simply copying and pasting your existing strategy and applying it to a new country will rarely work out and not provide the longevity that you and the mothership expects.

Many vendors – particularly more successful ones – will enter these markets with an internal belief that they have the best product and expect to immediately begin seeing orders flooding in. The reality is that you will be seen as a new entrant (more up-start than start-up) but with the benefit of [assumed] reference customers. A genuine launch will generally need at least 12 to 18 months to build momentum. This requires budgeting, resources and operations to accept lower returns on expenditure and for senior management to hold their nerve and have faith in the plan.

Cybersecurity is a growth market globally, so it will be attractive to achieve a foothold in the $billion+ market. But, CISO's and their staff want products and services that meet their need and clear explanations outlining the real benefits to them. Marketecture that claims you'll save their world or stop every threat that exists, doesn't get their time, so leave those for the tabloids.  

A clear Cybersecurity Go-To-Market strategy and executable plan needs to work in the field, in the office, in engineering, in support and continually informs senior management. Accept nothing less.

Share our content on your social media sites

Share by: