I sat down with the CEO of a tech startup who has a mobile product for large corporates and we got chatting about security startups. “No one cares about IT security, well accept the people who’s job it is to worry about it and those people who have just been effected by an incident (hacked) but that is a short term caring that fades quickly. So we are left with a small bunch of people around the world that actually care, but the vast majority don’t give a ****”. That was his opinion and i have to agree, security has always been a fear, uncertainty and doubt (FUD) sale, that has not changed in years.
So if you are thinking about launching a new product into the security market how do you deal with a niche market and an apathetic audience, I think the answer lies in not selling security you have to sell something else doesn’t matter how you brand it just don’t sell it as security. We have all been buying insurance and burglar alarms for years because we understand the consequences if it all goes wrong and how insurance and a burglar alarm may help, with IT security its very different. Most people don’t understand the cost of loosing data from them personally or a business, its difficult to quantify until it happens. Therefore the vast majority of security sales happen after an incident and not before.
Will security ever become a product people understand and want to buy whether that be a consumer or a business, I think yes and as the digital world evolves this day will come. Today most Microsoft Windows users now buy antivirus software because they understand the risk and so follows they will start to understand the bigger risks and buy services to mitigate these risk as well. The question is as alway when? I think consumers are at least 5-10 years behind enterprise and enterprises are not all there yet so we have a while to wait.