What security businesses get wrong, and how to avoid it

If you were to ask most security companies to explain their strategy, you would probably hear something like “Make the world safer” or “Create the best video surveillance solutions in the world” or “Artificial Intelligence that works”. 

Those are all fine mission statements, but they aren’t strategy.

If you dig deeper, you may hear that the company is pursuing education, retail and government vertical markets with either “best-in-class” or “end-to-end” solutions.

Getting closer, but still a long way from a winning, defensible strategy.

The unfortunate reality – please don’t take offense to this, it’s based on my general observation over the past many years – is that most companies in our industry don’t have a real strategy, or at least not one that will achieve the goals they want, and the result is virtually always:

  • Low growth / inability to scale
  • Missed commitments
  • Squeezed margins
  • Undifferentiated products and services
  • Constant price battles

This most likely happened because they skipped strategy – it’s the biggest mistake I see companies make. Why does it happen? Probably because they believe that they already have a good strategy, or that they already know their customers extremely well, or it’s too hard and takes too much time, or that “culture eats strategy for breakfast”.


The real reason is that their entire team just didn’t know how to do strategy correctly (which they would never admit, but that’s a different story). They weren’t all explicitly on the same page with the same skills working towards the same goals – the right goals. If they were, they would know this about strategy:

  1. It’s not that hard 
  2. It’s not only senior leadership’s responsibility
  3. It can solve virtually ALL of their problems

Let me explain with a story, one that I bet you can relate to in one way or another.

The Scenario

I’ve seen this situation countless times at large companies, small companies and startups – someone comes up with a great idea for a new product, feature, service or a new type of customer to chase, usually with a hot buzzword tied to it – cloud, AI, mobile, smart, connected, IoT, etc. That someone is an executive or a highly respected senior person who carries a lot of influence within the company.

It’s brought to the leadership team in a conference room at HQ with a great set of PowerPoint slides about how this will transform the company, complete with a strong business case, ramped sales forecast and outstanding margins. 

A LOT of effort is put into preparing a business justification. There are development and production estimates, engineering costs, timelines (hedged, of course), fulfillment and distribution plans, competitive analyses, a marketing plan, an ardent champion from the sales team – often the one who came up with the idea in the first place – and maybe a customer or two that backs the idea.

Leadership asks hard questions, challenges the assumptions. The team is ready with good answers that are intelligent and well thought-out. There is market research, backup slides and an appendix. The plan is bulletproof. Sometimes this all happens in a single short meeting, sometimes it takes weeks or even months.

No more questions, it’s time to vote – which, as in politics, usually doesn’t happen until the outcome is virtually assured.

  • Marketing: “YES”
  • Product Management: “YES” (of course)
  • Sales: “ABSOLUTELY”
  • Operations: “YES”
  • Engineering: “Yes, with caveats”
  • Finance: “YES”
  • Chairperson (usually the President or CEO, and the only vote that really counts): “I trust my team … YES” 

The project is a ‘go’, teams are dispatched and the product is built. The new Agile process works like a charm and cuts the development time in half. Marketing campaigns are fast-tracked and beautiful. Sales and support teams are trained and ready to sell. Price lists are submitted. Partners are lined up. Media interviews are complete. The ISC West launch party is booked and hundreds of prospects are registered. The team is blowing away their metrics and everyone is high-fiving (or fist-bumping).

The new Smart Cloud Mobile IoT AI platform is going to transform this company, and the rocket is ready to launch.

The Results

Fast-forward six months and everyone is back in the same conference room at HQ, but the mood is very different. There’s a big pipeline but sales are way below forecast. Margins are miniscule. The CEO is angry and the project team is in the crosshairs.

  • CEO: “What’s wrong?”
  • Sales: “It’s too expensive and doesn’t have enough features. We need more leads.”
  • Marketing: “Sales isn’t following the script from page 43 of the launch deck.
  • Operations: “As soon as they sell it, we’re ready.”.
  • Product Management: “Engineering didn’t build the product we spec’d.”
  • Engineering: “The specs were wrong.”
  • Finance: “Let’s shut it down.”

So what really happened? Look back through the original project plan and I bet you’ll find the answer – strategy was skipped. 

The Biggest Mistake

Sales forecasts, cost estimates, product specs and marketing plans do not make up strategy. They don’t identify what problems you’re solving for a specific group of customers, how solving those problems provides quantifiable value or how your solution delivers that value better than the next best alternative for solving the same problem. 

Although not exclusive to this, the problem of misidentifying value is regularly demonstrated in the hottest technology category in our industry right now – artificial intelligence. Dozens, maybe hundreds, of companies have started up new businesses or created new solutions based on AI, especially for video surveillance. Ask them what problem they’re solving for their customers and virtually all of them will say something like “99% of video data goes unreviewed” or “Human beings cannot actively monitor more than 15 cameras at once” or “We help identify bad behavior.”

So what?

Don’t get me wrong, these are real issues experienced by real end users. But you haven’t told me what the real value of this is to your specific target customer, how your solution provides measurable value to those customers, or why they should buy yours versus the other dozen providers calling them this week. 

Good marketing and salespeople can spin pretty good messages on differentiation, etc., but too often I find that these questions were not adequately answered at the very beginning of the project and therefore the solution really doesn’t provide quantifiable value that customers are willing to pay for.

As a result, most of these AI solutions all solve the same problems for customers. They may do it in slightly different ways, but they don’t provide any relative incremental value to the customer, hence they aren’t well adopted.

Answering those questions requires a much deeper understanding of your ideal customer. Maybe the person that came up with the idea claimed to already have this deep customer understanding and assumed that other customers would value it the same way. Perhaps the executive was reacting to other outside forces pressuring them into launching an inferior solution. Or maybe the team just didn’t have the skills or time necessary to uncover this value up front.

Regardless of the reason for doing it, going straight from an idea to a product launch is the path of least resistance, and it’s the biggest mistake companies in the security industry tend to make.

What is Strategy?

The authors of Grassroots Strategy define strategy – whether for a single product or an entire line of business – as “a clearly articulated view of distinctive capabilities that allow you to win in relevant markets” and “a framework for management decision making that creates outcomes that are more than the sum of marginal decisions.”

In other words, strategy is not just a plan for what you’re going to do, it’s a blueprint for how you’re going to win, profitably. This is the part that’s missing in so many security companies.

Unfortunately, many people working for security solutions providers did not start or work as security practitioners, so they lack a true understanding of what their target customers actually care about and what they’re willing to pay for. And if your entire team isn’t working from the same sheet of music toward the same goal, your solutions are likely to be undifferentiated and destined for underperformance.

This lack of experience can be overcome, however, by applying a disciplined approach to developing strategy. All strategy – whether it’s for a single product, a service or an entire line of business – must clearly identify the market you plan to compete in, the type of customer you plan to serve, the value you plan to deliver, how you will differentiate and how you will make money.

This may seem obvious and intuitive, but so many companies struggle with it. The biggest pitfall we see is when multiple members of the team think differently about the answers to each of the areas or perceive customer value differently, which is a recipe for disaster. 

Strategy cannot be skipped. Most people in the security industry did not start as security practitioners, therefore it’s critical that they invest the necessary resources to ensure they understand their customers’ real problems and develop solutions that deliver real value. 

Your entire team must have these skills, be on the same page and working towards the same goals, otherwise you will continue to spin your wheels and lose ground to your competitors.

For those who need more guidance on exactly how to define and implement strategy that leads to breakthrough growth and profitability, head to https://securebi.com to determine which of our programs are right for you and your team.