Updated October 23, 2024
When I sold software in the past, I was able to get by in sales with a combination of my people skills, problem-solving skills (especially around uncovering the depth of a problem), and math skills to connect a solution to the value of solving those problems (ROI).
However, I quickly realized the same-old-same-old approach wasn’t going to work when I started selling cybersecurity services.
In today’s post, I’ll share some tips that worked for me, and ways to take it even further.
While cyber liability is different from cybersecurity solutions, these are all complimentary solutions to the same problem: cyber risk.
Here’s the bottom line:
If you want to win more sales or increase deal sizes, your prospect needs to understand their level of risk to see the full value of your solution.
A Quick Flashback
I still remember the first time someone confidently told me “I have no risk”.
It was a 2-person chiropractor office local to me that I met through a chamber event. They were willing to take the time to speak with me and hear me out, but I just couldn’t wrap my head around their objection – the overconfidence was shocking, and I was (still am) legitimately concerned for their business.
They just didn’t see how anyone would ever target them – and I didn’t have the skills or knowledge yet to be able to explain that their level of risk was only partially impacted by them being a target or not.
I knew they had risk, but I couldn’t change their mind. The more I tried, the more they dug their heels in.
A few things became clear:
- I could go blue in the face trying to change the mind of people that are saying they “have no risk”.
- I was going to need to get ready for completely different objections and sales conversations than I’d heard selling efficiency-driving software.
- Math alone wasn’t enough here because, despite whatever statistics I spouted, everyone seemed to think they were unique and none of that applied to them or their business.
- I needed to do more to educate my prospect before objections like this came into the equation.
I did a few things right away to make a change.
First, I started reading and absorbing related content, a ton. I sought out more effective sales tools and concepts to help improve my ability to respond to objections like this. (Not much out there really taught me how to specifically sell solutions for cyber risk though, and I still don’t ever see much on this topic).
I also started to identify red flags where my prospects either had their ‘head in the sand’ or were overly confident they’d created the Ft. Knox of IT systems. I saved my energy for people that were in the right mindset and knew they had risks to address.
One thing that I also changed was when and how I allowed that objection to come into the conversation. I shifted my engagement to be more educational.
I think where I failed that chiropractor is that I probably pitched something too soon or asked a question they weren’t prepared to answer yet. I found that timing mattered and that I could work proactively to ask the right questions or create conversations that proactively removed my obstacles.
The combination of that and other work I was putting into my skills shifted how I approached conversations, and I eventually learned how to get through to those former ‘red flags’.
What Are the Common Challenges Salespeople Find With Cyber Risk?
When I talk to people in sales roles that are providing a cyber-related solution, and especially insurance brokers, here are the most common problems I hear:
- They are afraid to even start the conversation because of how technical it could be.
- Similarly, the prospect may be intimidated by the technical nature of their cyber risks and would rather keep their head in the sand.
- Sometimes, for fear that if they know better, they’ll have to do something differently.
IT will push back and could block a deal if engaged incorrectly (and in extreme cases they may be offended when someone suggests their environment isn’t 100% secure). - Prospects still just don’t see the level of risk or how they could possibly be anything like the companies in the statistics and news articles your marketing team is sharing.
- And, after an exhaustive debate, the prospect just doesn’t see the risk is worth the cost to do anything.
While there are probably a few other common challenges we could all add to this, there’s a pattern I start to see in this list:
- Technical language is a hurdle
- IT should be an ally but becomes an opposition
- Risk perception is too low to have enough value to invest in a solution
Side note: I left out things like “I don’t have a budget for this”, “this is bad timing”, and other very common and expected objections. To keep it short, those often tie back to the risk perception being too low.
Want to Overcome These Challenges and Sell More?
Here are a few things I’ve learned about all of this:
Initial cyber risk discussions don’t need to get technical
Don’t get into the weeds where you and the prospect are likely to get lost.
Talk in terms of business cases instead of technical challenges and solutions. If you want to win more and larger deals here, you need to appeal to the full C-Suite and rally them behind a unified objective to protect their other business goals and functions.
For cybersecurity solutions, you may need to get technical once the value/risk is established, but if the conversation is heading that direction, it’s a sign that the buyer is teasing the idea of your solution and probably ready to engage a solution engineer or product expert for a demo.
Either way, the business case has to be established first if you want to improve your chance of success.
As the prospect starts working on addressing their risks, that’s when it’s time to start digging deeper into the technical aspects of it and addressing them.
For the purpose of the sales conversation, a business case can be made without getting overly technical.
Make IT the hero
When you get technical, you’re entering into IT team’s arena (and I’ve met plenty that love to shut down salespeople, some people take great pride in it actually).
Chances are, you’re probably very much on the same side of things and IT has likely been clamoring for help with cyber risks. However, if you are speaking negatively about what is or isn’t happening to protect the business, you could create a point of confrontation with IT.
Shifting the conversation back to the business case means you go beyond IT. This puts them in a position to leverage your insights and resources to most likely justify things they too have been pushing for and asking to implement or improve.
Increase their understanding of the factors behind their risk
Risk is a factor of Likelihood (probability) and Impact (cost).
If you can expose reasons why the Likelihood and Impact are both higher than they may have originally realized, you can increase the overall perception of risk – which increases the value of your solution.
They still may not fully see the risk as you do, but this is a start in the right direction.
This is all easier said than done and there are nuances to how to do this. It’s a deeper topic than I can fit into one blog post, but hopefully it gets some ideas flowing.
Ready For More?
In addition to content shared regularly on LinkedIn, I’ve compiled many of the lessons I’ve learned into our Sell More Cyber program at SellMoreCyber.com.
It was created to help salespeople of all levels of experience or technical knowledge. Even seasoned sales professionals can walk away with and start to use in conversations.
On that page, you’ll also find a free course on “Simplifying Cyber Risk” that will help give you some simple ways to get clients thinking about their risks, so I highly recommend checking it out and exploring what’s there.
Happy selling!
Did you miss the Catalyit Live Session on this topic? Watch it now.