Security Products and Services: The Long Tail of SMB Customers

The "long tail" of small and mid-sized businesses (SMBs) forms an attractive set of potential victims for attackers. These companies are not large, but there are many of them. Similarly, SMBs comprise a market filled with opportunities for security product and service vendors. Selling to and supporting the needs of these companies requires marketing, product and operational models different from those used for large enterprise customers.

Representing Numerous SMB Customers as the Long Tail

In this context, the long tail refers to the part of the graph below that represents the large number of SMB companies, in contrast to the relatively small number of large enterprises.

Historically, security companies have focused on selling to the enterprise segment. These are the customers that had the funds to spend on security and understood the need to do so based on compliance and risk requirements. This segment is maturing and is becoming saturated. As the result, long tail of potential SMB customers, which comprise roughly 80% of the total market, becomes more attractive.

The Opportunity to Secure SMBs

The modern day's Internet ecosystem makes it easier to start businesses that make use of information technology. The cost of entry for start-ups is very low in part because of the availability of cloud-based services.

Such dynamics fuel the increasing number of SMBs coming into existence to service various niche markets that are untapped by large, established organizations. A paper by Tawileh, Hilton and McIntosh points out that such businesses "do not possess adequate time, nor resources to actively tackle the issues of information security." However, the traditional approaches to information security "require considerable investments of time and resources, and demand high levels of technical expertise."

Offering Security Products and Services to SMBs

Cloud-based services make security more affordable to smaller organizations. However, such products usually provide only technological controls. Security vendors pursuing the SMB long tail need to use scalable tools—such as those offered in the cloud—to create meaningful security programs, provide value-adding services and offer customer support.

More importantly, such security vendors must be able to reach numerous customers as part of sales and marketing efforts. Scaling sales and marketing across the SMB segment has been a tough challenge that large established players in the industry (Cisco, IBM, etc.) are still trying to crack. Security start-ups struggle with this as well.

Another element in offering information security to SMBs involves determining how to provide security products and services at a price that SMBs can afford. When going after long tail SMB customers, price can be a significant product differentiator.

Security vendors seeking to tap into the large potential market of SMBs will need to understand what products and services such customers actually require, will need to offer them at an affordable price and will need a way to scale their marketing and sales efforts. These are hard problems to solve, but they are worth trying to figure out.


About the Author

I transform ideas into successful outcomes, building on my 25 years of experience in cybersecurity. As the CISO at Axonius, I lead the security program to earn customers' trust. I'm also a Faculty Fellow at SANS Institute, where I author and deliver training for incident responders. The diversity of cybersecurity roles I've held over the years and the accumulated expertise, allow me to create practical solutions that drive business growth.

Learn more