Many early-stage cybersecurity founders aim to sell to large enterprises, specifically financial services, when defining their go-to-market given they deeply care about minimizing risk and have the deep pockets to invest in security. Plus, locking in one firm generally means the rest of their peers are bound to follow.
However, there are a lot of nuances in navigating selling to financial services in respect to the specific threats and risks involved and how the tech integrates and operates within these businesses. In talking to a number of security leaders at Fortune 500 companies, they revealed some myths that vendors come to the table believing that ultimately minimize their chance of success and shared the tactics they’ve seen work that create a better process for founders to close a deal.
Myth: Everyone In My ICP Is the Same
While your initial customer profile (ICP) may broadly encapsulate similar organizations, not all financial services organizations have the same challenges and prioritization. For example, while all are categorized under the financial services umbrella, the differences between public banks, investment banks, hedge funds, and market makers can pivot their need and use case for vendors pretty dramatically. How?
Data & Scale: “Our scale impacts everything we buy,” one security practitioner told me. He further explained that the amount of data organizations have available to them directly correlates with the complexity of their management and therefore the complexity of needs from vendors. As an example, investment banks and hedge funds don't have a lot of customer data (given most of their customers are institutions, other funds, etc.) or are focused on proprietary trading (they’re their own customer).
Prioritization: In today’s capital strapped environment, enterprise budgets are harder to capture, but the data shows that IT leaders are spending money, just in newly prioritized ways with higher bars for ROI. These priorities are fluid and different among every organization. For example, senior IT leaders from a bulge bracket bank shared with me that they are looking for solutions that can help them with regulators. In general, I’ve heard, “what's important is driving efficiency, lowering complexity, and consolidating platforms,” which is why startups should double down on messaging products directly tied to ROI as a “need to have” versus just a “nice to have.”
Budgets: It’s important to know if there is budget dedicated to the problem you’re solving and who owns that budget. Does the organization (but more specifically, the department you’re pitching) have a static budget (where money is allocated at the beginning of the year) or a more ‘on an as needed basis’ with room for flexibility. This will help determine the likelihood of success and timeline to close.
Myth: Providing Value is All That Matters
Vetting, integrating, deploying, running, managing, and dealing with the outcomes of vendors costs an organization a lot of time and money. More often than not, champions expend a lot of resources for a product that may produce less value than the effort put in.
As an IT leader recently explained to me, “we have a lot of use cases, but not enough business cases.” Despite what you may believe is a high-value feature, if it requires an incredible amount of effort and an executive’s political capital, the likelihood to succeed is low. Running the entire vendor due diligence and deployment process for a handful of feature products is more exhausting and leaves more room for error than one platform that does them all. In terms of feature products, we heard that “the value for effort is out of whack.”
Myth: POCs Are Easy
Many vendors often believe that they can deploy a POC in as little as one day, ignoring the reality that financial services organizations are large, complex, and diverse corporations with a lot of corporate governance to work though, including a vast amount of legal, IT, and compliance approvals.
Even if your champion loves your POC and it proves all the value it was intended to, there is still an uphill battle to fully close the sale. Your champion has to sell the product to a handful of additional stakeholders within the organization.
Two pieces of advice:
- Have clear and realistic success criteria from the get go. What is the timeline of the POC, how will the product be integrated, what value / use case is it trying to prove, and how is that value being measured? Don’t over promise what your product is capable of – there will be no hiding these shortcomings during the POC anyway.
- Halt the POC immediately if you see that your success criteria aren’t aligning upon deployment. It's worse to waste your potential customer’s time and resources on something that you know won’t be successful vs. stopping it in its tracks. Typically, there are no second chances once a POC has failed.
Financial Services Is Different Ballgame, But Worth Playing
As you can see, financial services are all different, requiring an intentionality and resistance to rinse and repeat sales motions for each. Additionally, many startups tend to make products for other startups that are modern and fully cloud. These products are often unrealistic to deploy in the enterprise given the level of legacy and scale needed. But given the enterprise customer segment that commands large contract sizes, it’s often worth the time and effort in satisfying the requirements of these nuanced ICPs.