Cybersecurity Buyer Experience Report

Buying any type of cybersecurity solution is a huge undertaking. From navigating the convoluted sales processes of vendors, to just trying to get a demo of a product, to using all of your cryptography skills to decipher how the thing is priced! The buyer experience shouldn’t be this miserable and it’s beyond time for it to change. We set out to document the current buyer experience across 200 cybersecurity companies…here is what we found.

Once Upon a Time

In a kingdom just on the other side of the internet, lay a maker of cybersecurity solutions. The people of the kingdom created a (category defining) product, a sales team unlike any other in the land, and built up a forward thinking leadership team. But alas, this kingdom had a growing problem; those who were invited to come visit the kingdom and try out their product had no interest. Try as they might, be it through “ye olde whitepaper” or “cold call by a bard”, they just couldn’t get many folks to make a purchase. Pretty soon reality set in and members of the sales team were asked to leave the kingdom. The leaders that had joined this once prosperous kingdom began to depart and soon after the kingdom fell into despair.

This might sound like a fairytale, but it’s actually not too far off from reality. Organizations that were once flush with cash and building huge teams to join their “rocketship” company are now struggling to hit their numbers and layoffs are happening all around us. At a time when competing for the attention of customers is harder than it’s ever been, only those who are willing to adapt stand a fighting chance.

Quote: The way people buy has evolved; the buyer is now in control of what the buying experience should look like, not a vendor’s sales process.

About This Report

The human attention span is only 9.2 seconds long. Combine this with our underlying need for instant gratification (thank you Amazon) and you have a world of individuals that expect things, well, instantly. And while we’d like to cling to the notion that buying in B2B is some old stodgy thing, that just isn’t true anymore. B2C, B2B, what we are really talking about at the end of the day is people buying from people. So why then has the buying experience within cybersecurity fallen so out of touch with this new reality? Great question. Here are the common challenges that were uncovered during this research.

Yikes! With this much friction cybersecurity vendors are not likely to see the desired outcome they are hoping for (revenue). Instead, they will continue to experience missed opportunities, wasted resources, and worst of all…long sales cycles. Since most of these friction points are self-inflicted, it’s time we have a hard look in the mirror and begin to ask, “why are we (as an industry) still doing things this way?”.

The Methodology

To get started, we compiled a list of 200 cybersecurity vendors ranging from seed stage through IPO (e.g. public companies). In order to measure what their buyer experience was like, we visited each website and looked to answer the following questions:

  • Can the buyer get access to a product demo without engaging the sales team?
  • What was the most common call to action (CTA) to draw the buyer into a demo?
  • Was there a direct calendar link to book time with someone if the buyer had questions?
  • Can the buyer see a budgetary or baseline price for the product(s)?

Note: For the purposes of this report, a product demo is defined as a live demo, an interactive product tour, or a sandboxed version of the product. Product videos or screenshots don’t count because it isn’t the same thing as experiencing the product the way in which a buyer might ultimately use it.

An Overview

Here are the high-level findings from our research that show how companies fared in our analysis.

Shocked by this data? You shouldn’t be. Let’s take a broader look at how we got here.

The Qualification Problem

When it comes to gathering information about a particular product, cybersecurity vendors still strongly believe that gating content, demos, and research is the “best” way to collect contact information from potential buyers. The problem with this approach is that most people aren’t in the market to buy, they are just gathering information. If 100 people submit their contact information to see a demo, they are all “routed” to the same place and treated as a lead. An SDR/BDR gets their information, reaches out to the lead often via phone and email, and begins the qualification process with some checklist that is often rooted in something like BANT (Budget, Authority, Need, Timing).

But not all of those 100 people that submitted their information are looking to buy (which in fact wouldn’t make them a lead at all). It’s more likely that 3 - 5 of those individuals are willing to have a conversation with sales and the rest are just looking for information (but were forced to submit their contact information to get said information). The individuals that are willing to talk to sales are then routed to an AE for a second conversation, which often results in a rehash of what was already said with the SDR/BDR.

By forcing everyone into the sales funnel, we effectively treat them all the same…whether they are actually interested in your product or just looking for information. This might make companies feel good because “the numbers are high” when it comes to reporting, but it also makes for a terrible buyer experience. Additionally, buyers have caught on to being forced into the sales process. As such, many people (especially within cybersecurity) will submit fake information when trying to access content so they can avoid the inevitable sales calls and marketing emails that will come their way.


  • Stop forcing every person into your sales process. It’s terrible for the buyer experience and no one wants to be treated as a lead.
  • Know the difference between connecting with someone and engaging with someone. When someone raises their hand and is ready to engage with sales you’ll have faster sales cycles and require significantly less qualification because you’ve been talking to the buyer all along.
  • Remove friction! There are more sales and marketing tools in the tech stack than ever before that can be used to enrich contact data. You don’t need 6+ required form fields when it comes to collecting information on your website. If you are going to gate something, require the bare minimum from the user and enrich their data in the CRM on the back end.

The Calendar Tango

A few months ago there was a huge debate on LinkedIn talking about the “formality” of using a Calendy link; ultimately the internet seems to favor using a calendar link because of the convenience (to which I agree). Instead of playing calendar tango, a buyer could shoot over their calendar link and the sales team could schedule time that is convenient for the buyer. Theoretically this all makes perfect sense. But then reality happened and sales teams have found a way to weaponize calendar links by sending them in emails, LinkedIn messages, etc.

Buyers don’t want to “book time” with your sales team through cold outreach, they want to see the product, talk to their peers, and understand how it will fit into their priorities. If and when (the buyer) is ready to engage in a conversation with sales, there should be a singular calendar link on the vendor’s website that allows the buyer to schedule some time (that works for them). And yet, here is the sad reality of our research.

If a buyer has questions or wants to chat with a real human (outside of those 12 companies using a calendar link on their website), well then they would need to go through the dreaded and generic demo request form.

Note: It’s very interesting to see how much of the cybersecurity industry is dominated by two vendors when it comes to sales and marketing tech stacks. Hubspot and Marketo are the only two vendors seen across the 200 cybersecurity companies we reviewed that are used, not only for calendar links, but also for the majority of form fields and data collection.


  • Don’t shove buyers into your sales process, reshape your process (and routing logic) to fit the needs of buyers…especially if they aren’t ready to buy and just looking to have some basic questions answered.
  • If your website does have a calendar link, it doesn’t mean you need to take every meeting. If the buyer / company isn’t a fit to your ICP or whom you usually sell to, you can use different email sequences to politely decline or qualify them further so neither party wastes their time.

Tip: If your routing logic or calendar link setup on the website needs an upgrade…shoutout to the folks over at Chilipiper who handle this flawlessly.

The Generic Demo

Think about the last time you sat through a demo as a potential buyer (regardless if you are in the cybersecurity industry). It probably went a little something like this:

  • Everyone joins the call and there is some initial banter (2 mins)
  • A round of introductions on both sides (5 mins)
  • The AE takes command and proceeds to go through 1,375 slides about the company, their awards, and their logos slide that is often irrelevant to the conversation (13 mins)
  • The AE hands it control over to the SE, who quickly runs through a generic demo touching on some common use cases (9 mins)
  • The sales team finally pauses and asks if the customer has questions (with 1 min remaining in the call)

If this sounds painful to you as you are reading it, imagine how your customer’s feel sitting through it. Going through the generic demo isn’t helpful to anyone, so why then do we force buyers into this flow just so they can see the product? Wouldn’t all parties be better served by skipping the slides and collaborating on a hyper focused demo that touches on the top three areas that actually matter to the buyer? Yeah, I think so too.

So let’s reboot this process and talk about why having an interactive product demo on your website has the ability to significantly improve the buyer experience. Allowing a buyer to experience your product, or take an interactive tour of it, will allow them to get a feel for the product and how it works. As the seller, you can also cover the top use cases where your solution shines. If it resonates with the buyer, then let them engage with sales directly. If it doesn’t, then it doesn’t force the buyer into your sales process for an opportunity that has little chance of ever becoming a sale.

Tip: Interactive product demos on your website also have the ability to be shared with others in a buyer’s organization who might also be interested in the product or see value. You can’t do this with the traditional demo process.

Convinced that an interactive demo on your website is a creative way to engage with buyers before they talk to sales? Well then you might be shocked by the data.

Additionally, the use of interactive product demos allow cybersecurity vendors to change the language that they use when it comes to CTAs.

Instead of being generic, marketing teams (who usually own the website) can begin to change out the main demo CTAs to something more creative, or better yet, make it dynamic based upon the page the user is on.

Note: Even CTA copy like “See it in Action” and “Try It” still lead to landing pages that require a buyer to enter in all their information. This can be misleading and detract from the trust you are trying to build with potential customers.


  • By using an interactive product demo on your website, cybersecurity vendors not only let the customer experience the product before they engage with sales, but they can also see what is resonating with visitors before a live personalized demo or conversation is performed
  • The use of interactive product demos doesn’t completely replace the need for personalized demos or POC/POVs, but it does help educate buyers and arm them with more information to come into a sales conversation with
  • Use different interactive product demos on each solution page or product feature page to let buyers get the full experience of the product based on what is most relevant to them

The Pricing Problem

You’ve qualified a buyer, they’ve had two calls with sales, and the sales team is just wrapping up the demo when the buyer asks, “What does your pricing look like? We are getting ready to submit our budgets and need to put in a number.”. The sales team starts panicking, the buyer gets frustrated because they just need a number, and nobody really wins.

Try as you might, everyone is beholden to the dreaded budget and needs to know what things cost before they head too far down the sales road. This is true whether you are the buyer or part of the sales team trying to make a purchase internally. If the buyer is thinking $5,000 and the product starts at $30,000…well then there is going to be quite the disconnect. Why not have that open conversation up front to level set expectations?

Having public pricing on your website helps buyers to understand your price ranges up front and align their budget based on priorities; before they begin a conversation with sales. In a recent report from Chilipiper, looking at public pricing in the broader tech industry, 56% of SaaS companies included public pricing on their website. For cybersecurity, this number is only 17%!

Note: Of the cybersecurity vendors that listed public pricing on their website, a whopping 85% of them include a link to the pricing right in the main nav bar. That is prime website real estate which speaks to the importance these companies place on having public pricing easily accessible.

So we still have some work to do as an industry. Want another compelling reason to put pricing on your website? Right now, most organizations have too many security tools and are being asked to consolidate both tooling and staff. This is a perfect time to help buyers understand costs, particularly if, as a cybersecurity vendor, you offer multiple products and can help with consolidation efforts.

Note: For those that argue, “putting public pricing on the website will scare people away or allow our competitors to undercut us”…think about how much time and money you are wasting by having multiple internal resources engage in sales conversations and demos only to find out someone can’t afford your solution? If pricing is your only differentiating factor, you are already fighting an uphill battle.


  • Cybersecurity vendors don’t need to be super specific when it comes to their pricing page, but providing a list price or a “starting at” price point is paramount to helping buyers understand if they can even afford your product.
  • Having the pricing publicly available helps qualify potential buyers in or out quickly without impacting sales resources or the need to engage in a sales conversation.
  • Buyers understand that scoping, evaluations, and potential discounts happen; they aren’t taking the public pricing as the final number, but it’s a solid place for them to budget and start.


When it comes to cybersecurity vendors, we haven’t even scratched the surface of modernizing the buyer experience. It’s true there is a lot to be desired, but it also doesn’t all need to happen overnight. At a time when everyone is hurting for revenue and sales teams are missing quota left and right, why wouldn’t we adapt to what buyers are asking for in an effort to serve them faster and fit find quicker?

While gating key pieces of content, like research reports, makes perfect sense, the majority of cybersecurity product content should be ungated and available for buyers to consume. The more buyers know and have access too, the more likely they are to come better prepared to ask questions (plus it helps set you, as a vendor, apart from your competition). But this conversation needs to start at the top. It means changing the way we measure success, changing the way we treat buyers (as people and not leads), and changing the way we compensate go-to-market (GTM) teams to encourage the right goals and behaviors.

Instead of hoping to find buyers that might be ready to have a sales conversation, deliver a buyer experience that makes them (buyers) want to raise their hand and engage with sales. We hope that startups in particular continue to evolve their tech stacks, processes, and goals to align more closely with the expectations of (modern) cybersecurity buyers.

Need a place to start? Check out our Buyer Experience Framework.