Here's How Startups Can Profit As Big Companies Freak Out About Security

Activision/BungieCompanies want better security.

Security has shot up to the top of the agenda of many companies following the recent array of cyber attacks. Three-quarters of CIOs in a recent survey called it their top priority, up from 59% last year.

It's why many investors expect billions of dollars will flow into this area in 2015. Union Square Ventures' Fred Wilson even says VCs will start investing in the security sector like they did in the rental economy last year. (Uber and Airbnb are now worth tens of billions of dollars).

But if you're a security startup trying to nail a big time contract, it's not easy selling yourself over some of the older, legacy brand products. You're smaller, have less recognition, and don't have as much variety in service.

So how do you differentiate yourself?

Kleiner Perkins' general partner Ted Schlein, who helped Symantec create the first commercial antivirus software, writes that every security startup has to be able to go into the board room at potential customers and answer these three questions:

1) "Is our company secure? How secure are we?": Companies want to know one thing: What are the chances of the hacks on Sony or Target happening to them? They want you to analyze their security status and show them how your solution could fix any gaps - right then and there. Schlein says, "If you can credibly tell directors how secure their company is down to a number and update the number in real-time, they will want your solution."

2) "Why should I hire you for a single need when a big company can meet them all?": Most companies still prefer one-stop solutions because of their convenience and the "one throat to choke" rule: it's easier to complain to one vendor if something breaks. But if you can prove your product is the best for specific industries, like financial services or digital health, you may be able to create your own niche and expand from there. "Once you develop a strong solution and build a base of early references, you can expand to an adjacent area where your circle of competence naturally extends," Schlein says. He cites Palo Alto Networks and FireEye as two examples who used this approach.  

3) "How credible are you?": Cybersecurity deals with highly sensitive data, so there's no question you need to build up your credibility. Schlein says you should get influential people to sit on your board, like former government officials, and have the first 10 to 15 customers get the word out about you. But most importantly, it's you as the CEO who needs to bust some balls early. "As a cybersecurity CEO, your job is not only to build: It is to sell," he says.