Up until 6 years ago, I was able to get by in sales with a combination of my people skills, good problem-solving skills (especially around uncovering the depth of a problem), and solid math skills to connect a solution to the value of solving those problems (ROI).
When I first started selling cybersecurity services, it took me a while to figure out the same-old-same-old approach wasn’t going to work.
My hope for today’s post is that I can help share some tips that worked for me, and ways to take it even further.
While cyber liability is different from cybersecurity products, services, and consulting, these are all complimentary solutions to the same problem: cyber risk.
Here’s the bottom line: If you want to win more sales or increase the sales you do win, your prospect needs to understand their level of risk if they’ll ever understand the full value of your solution (whatever it may be).
A Quick Flashback
I still remember the first conversation I had when someone confidently told me “I have no risk”.
It was a 2-person chiropractor office local to me that I met through a chamber event. They were willing to take the time to speak with me and hear me out, but I just couldn’t wrap my head around their objection – the overconfidence was shocking, and I was (still am) legitimately concerned for their business.
They just didn’t see how anyone would ever target them – and I didn’t have the skills or knowledge yet to be able to explain that their risk was only partially impacted by them being a target or not.
I knew they had risk, but I couldn’t change their mind. The more I tried, the more they dug their heels in.
A few things became clear:
- I could go blue in the face trying to change the mind of people that are saying they “have no risk”.
- I was going to need to get ready for completely different objections and sales conversations than I’d heard selling efficiency-driving software.
- Math alone wasn’t enough here because, despite whatever statistics I spouted, everyone seemed to think they were unique and none of that applied to them or their business.
I did a few things right away to make a change.
First, I started reading and absorbing related content, a ton. I sought out more effective sales tools and concepts to help improve my ability to respond to objections like this. (Not much out there really taught me how to specifically sell solutions for cyber risk though, and I still don’t ever see much on this topic).
I also started to identify red flags where my prospects either had their ‘head in the sand’ or were overly confident they’d created the Ft. Knox of IT systems. I saved my energy for people that were in the right mindset and knew they had risks to address.
One thing that I also changed was when and how I allowed that objection to come into the conversation. I shifted my engagement to be more educational. I think where I failed that chiropractor is that I probably pitched something too soon or asked a question they weren’t prepared to answer yet. I found that timing mattered and that I could work proactively to ask the right questions or create conversations that proactively removed my obstacles.
The combination of that and other work I was putting into my skills shifted how I approached conversations, and I eventually learned how to get through to those former ‘red flags’.
What Are the Common Challenges Salespeople Find With Cyber Risk?
When I talk to people in sales roles that are providing a cyber-related solution, and especially insurance brokers, here are the most common problems I hear:
- The salesperson is afraid to even start the conversation because of how technical it can be.
- Similarly, on the other end, the client can be too intimidated by the technical nature of their cyber risks to want to entertain the conversation (they’d rather keep their head in the sand).
- IT will push back and is often a blocker for them (and in extreme cases is appalled you even suggested their environment isn’t 100% secure)
- They still just don’t see the level of risk or how they could possibly be anything like the companies in the statistics and news articles your marketing team is sharing.
- And, after an exhaustive debate, the prospect just doesn’t see the risk is worth the cost to do anything.
While there are probably a few other common challenges we could all add to this, there’s a pattern I start to see in this list:
- Technical language is a hurdle
- IT should be an ally but becomes an opposition
- Risk perception is too low to have enough value to invest in a solution
Side note:
I left out things like “I don’t have a budget for this”, “this is bad timing”, and other very common and expected objections. To keep it short, I wholeheartedly believe those still tie back to the risk perception being too low.If it’s a bad enough risk, they’ll find the money and they’ll make the time.
Want to Overcome These Challenges and Sell More?
Here are a few things I’ve learned about all of this:
Cyber risk discussions don’t need to get technical.
In fact, I’m going to go further to say more strongly: it SHOULDN’T get technical at all in early discussions. Don’t get into the weeds where you and the prospect are likely to get lost. Talk in terms of business cases instead of technical challenges and solutions.
If you want to win more and larger deals here, you need to appeal to the full C-Suite and rally them behind a unified objective to protect their other business goals and functions.
For cybersecurity solutions, you may need to get technical once the value/risk is established, but if the conversation is heading that direction, it’s a sign that the buyer is teasing the idea of your solution and probably ready to engage a solution engineer or product expert for a demo. Either way, the business case has to be established first if you want to improve your chance of success.
Make IT the hero.
When you get technical, you’re entering into the arena with a more skilled adversary in the IT team (and they often love to shut down salespeople). Chances are, you’re probably very much on the same side of things, but by talking negatively about what is or isn’t happening, it’s confrontational.
Shifting the conversation back to the business case means you go beyond IT. This puts them in a position to leverage your insights and resources to most likely justify things they too have been pushing for and asking to implement or improve.
Increase their understanding of the factors behind their risk.
Risk is a factor of Likelihood (probability) and Impact (cost). If you can expose reasons why the Likelihood and Impact are both higher than they may have originally realized, you can increase the overall perception of risk – which increases the value of your solution. They still may not fully see the risk as you do, but this is a start in the right direction.
This is all easier said than done and there are nuances to how to do this. It’s a deeper topic than I can fit into one blog post, but hopefully it gets some ideas flowing.
Ready For More?
I’m going to continue creating content and resources to help salespeople in this area, and I am just putting the final touches on a 4-part, personalized training program called “Selling for Cyber Risk” to teach this to anyone, regardless of your technical ability.
I’ve crammed a ton in there to teach how to simplify cyber risk discussions, increase your client’s perception of risk, and tee your sales pitch up to pack the most power. You can read a bit more about it in the Cyber Liability Sales services page.
Make sure you follow me on LinkedIn or subscribe to my newsletter to keep in touch (jump to the bottom of the page to find both).
Over the next few weeks, there’ll be some cool promotions and free content from my course that will be available.
Until then, if you have questions about this topic, have a different challenge that I completely missed, or just plain disagree with me, I’d love to hear about it so I can make sure I’m putting the best resources out there for folks.
Happy selling!
Did you miss the Catalyit Live Session on this topic? Watch it now.
