Are you drowning in a sea of cyber sameness?

In summary

  • The cybersecurity market has grown 300% from 2018 to 2021. 
  • Security and IT leaders are overwhelmed by the number of vendors on the market – not helped by the fact that so many look and sound identical
  • There are ways you can stand out and differentiate your brand
  • Is your core messaging product-focused or audience-focused?
  • Consider your visual language. Are you distinct enough? And are you building consistency and brand equity with every touchpoint?
  • Assess your tone of voice – are you being too negative and combative?

Article by co-founder and director of Shaped By Nick Farrar.

2020 was a pretty good year for cybersecurity founders. A record $8.9bn was invested globally in cyber startups. It looked like the grass in the fields of growth couldn’t possibly be greener…until 2021, when that figure shot up again to a staggering $21bn.

As a result, by the end of 2021 the number of cybersecurity firms on the market had increased by over 300% from that of 2018. No wonder that in a YouGov/HCL Cyber study conducted in mid-2021, over two thirds of security and IT leaders said they felt overwhelmed by the sheer amount of vendors on the market.

I feel for them. Because the problem isn’t just the number of firms out there.

It’s also the fact that many of them sound, look and feel virtually identical.

Pretty much every vertical has its own language, visual traits and familiar tropes. Occasionally these are important to adhere to. Customers expect it from brands.

But in my opinion, cybersecurity has gone too far this way. There are too many categories within it where, if you put each brand side by side, there’s very little that distinguishes one from another.

In any market, that’s a problem. Distinctiveness builds recognition. But it’s an especially big problem in a market as densely crowded as cybersecurity.

The good news? There are ample opportunities to set yourself apart from your competitors. Here are three places to start…

Positioning and messaging

The biggest trap that cybersecurity companies wind up falling into here is actually the same one that many B2B tech brands in general struggle with.

It happens when they lead with something like this: “We’ve built this great product. Let me tell you what it does. Let me tell you how it works. Let me tell you about all the great companies that use it. And let me do all that using complicated and technical jargon.”

There is a place for this information somewhere within your messaging framework. (Aside from the jargon part.) But the mistake that I see time and time again is firms leading with it front and centre.

The opportunity to stand out here comes by flipping this approach around completely, and reverse-engineering this core messaging from your audience’s “why”:

  • Why would my audience buy and use this?
  • Why would it make their life easier and better?
  • Why would they choose it over another product?
  • Why does solving this problem really matter to them?


It’s a real opportunity for two reasons. Firstly, the chances are that if your competitors are doing this, they’re doing it rather half-heartedly. They may address the first point above by talking about “eliminating gaps”, “protecting endpoints” or “stopping breaches”. But they rarely take it that stage further by answering the other three.

Secondly, it’s a golden opportunity to be more human. Cybersecurity isn’t really about technology – it’s about people. And every vendor or organisation within it has a unique and very human story to tell about the people they help. These stories are often highly inspiring ones of innovation, heroics and positive impact on the world. But too often they’re shouted down by endless foghorns blaring out technical buzzwords and product features.

So where’s the best place to start? Your customers. Talking to them, relating to them and being obsessive about the problems you’re helping them to tackle – and the positive impact it’s having on them and the people around them.

Then it’s about having the conviction to build your core positioning and messaging around these stories.

Visual language

Your visual language refers to the way you express your brand through design. Colour palettes, image styles, fonts, iconography, logos, and animation.

When you pull all this together in a deliberate way, it allows your audience to start identifying and associating each piece of your company with you. It strengthens your brand identity and gives you consistency.

In cybersecurity, visual language is where a lot of firms end up falling down a giant homogenous hole. These dark webs of data, server rooms, padlocks and mysterious code seem to be what we’ve decided cybersecurity must look like if we’re to attempt to visualise it:

Cybersecurity is largely invisible. Its products may have interfaces, but they aren’t tangible, physical objects like a car or a pair of sneakers. So visualising it can be challenging – but there’s really no need to conform to the bleak and fear-inducing concepts above.

I truly feel that cybersecurity deserves a visual language that represents the hope, trust and optimism that binds the people who work within it.

I also don’t really understand why so many firms pick blue as their primary colour. At the top end of the market, it’s a little more diverse. Zscaler is blue, Crowdstrike is red, Palo Alto Networks is dark orange, Cloudflare is light orange. But further down, it’s largely a sea of blue.

All this provides plenty of space to differentiate. Here are a few that are already doing it. Clockwise from top left: Cybereason, Palo Alto Networks, Splunk and Netskope.

Cybereason’s use of yellow and brand characters is thoroughly un-cyber-like, which is why it immediately stands out. As for the others, my view is that all three are indeed seeking to present a more optimistic view of cybersecurity. The use of bold, bright colours like yellow, orange and even sky blue as opposed to dark blue. And in Palo Alto Networks’ case, the refreshingly alternative take on visualising the connective tissue of the cyber world.

If you as a marketer or creative can bring more hope and optimism alive in your brand’s visual language, then you have a real chance of setting yourselves apart in a positive, human and authentic way.

Tone of voice

Tone of voice can mean different things to different folks. In this context, we’re talking about how the character of your business comes through in the words you use, both written and spoken.

Tech firms (understandably) put a huge amount of time and effort into this, especially when it comes to the problems they solve. Typically their narratives are overtly positive. After all, solving problems is a good thing, right? Take HubSpot, for example:

“Finally, a CRM platform that’s both powerful and easy to use. Create delightful customer experiences. Have a delightful time doing it.”

However, a huge portion of the cybersecurity industry has decided to lean the other way. Companies focus on the negative outcomes of what might happen if customers don’t buy their products. Playing on the fear, uncertainty and doubt of their audiences, trying to spook them into entering the market or switching vendors. “Act now or else” is the prevailing sentiment. Often articulated using war-like analogies, with words like “defend”, “battle” and “weaponize” worryingly commonplace.

The war parallels aren’t parallels at all, in my opinion. Yes, there’s a lot at stake. But war causes misery, death and destruction far beyond anything the cyber world could imagine. We should be far more sensitive to that.

There is an alternative to all this. And considering how many cyber firms have either lazily or over-eagerly swung towards a negative tone of voice, it presents a real opportunity to stand out. Let’s call it the “HubSpot approach to positivity”. Here are some examples:

The language used here is a breath of fresh air. Now I had to search really hard for these. So that tells you just how scarce these kinds of narratives are.

But they really shouldn’t be. People lean towards positivity. It’s human nature. And as I’ve already mentioned, cybersecurity solutions are ultimately all about positive outcomes for real people.

It doesn’t mean that you can’t be frank with customers about the issues they face. But it is entirely possible to raise the alarm without being alarmist. Too often, the starting points of these conversations are inherently negative and fear-based.

We have a duty to the brands we’re responsible for, of course. But we also have a responsibility to the industry we represent. So maybe in adopting these ideas, we can actually do more than just stand out against competitors; we can help to build a more positive and optimistic cybersecurity industry.

It’s definitely something that’s long overdue.

Get more cybersecurity marketing insight

Interested in learning more about standing out in a crowded cybersecurity market? Visit our cybersecurity content hub.

Our Work