Product-led growth is one of the most commonly discussed topics in the startup world as the market cap of public companies utilizing the growth tactic skyrocketed in recent years.
It’s no different in the cybersecurity space. Why? To find out, I analyzed more than 800 products from over 600 vendors using information from open sources, including Google, Gartner, CB Insights and startup/vendor lists from different sources.
The focus was on security products, not service providers, except companies that have “productized” their services, i.e., offered them as a product package, transparently priced per user, with the ability to sign up online, etc.
Of the 824 products reviewed, 151 can be described as product led.
The below map summarizes the state of product-led growth in the cybersecurity industry.
The categories are intentionally broad; the explanation of what was included in each category is provided below. Some companies have product offerings that fall under multiple categories; I have attempted to reflect these on the map as well.
Companies featured here are at the various levels of PLG maturity: While some have pursued the product-led growth strategy since inception, others have pivoted or are still in the process of making a pivot from being sales-led into PLG.
Companies that do not embrace ideas of openness and transparency will be pushed away from the market.
Trends defining PLG adoption
What’s pushing cybersecurity companies to adopt product-led growth? I observed several PLG-related trends in the cybersecurity space while preparing this market map.
Traditional sales channels have become inaccessible for startups
Chief information security officers (CISOs), leadership teams and midlevel managers have been bombarded with marketing and sales pitches by security vendors. Selling to the highest echelons of security leadership requires a large network, introductions and a large budget for invite-only events, dinners and other entertainment.
These top-down product pitches are not just expensive — they’re ineffective. Hundreds and thousands of vendors attempting to showcase security tools and solutions to security leaders can lead to “vendor overload.”
Security startups have constrained resources and cannot afford to “wine and dine” CISOs, and they don’t have the brand recognition to cut through the noise of vendor overload. With that, entrepreneurs are forced to look for new ways to acquire customers that would allow them to build businesses with reasonable unit economics and the ability to grow. PLG enables companies to lower the customer acquisition cost, bringing the total cost of revenue as close to zero as possible, enabling a hockey stick growth.
Value is a factor defining whether a certain segment can be product led
Not all product categories in cybersecurity have an equal chance to benefit from the unit economics and growth potential PLG enables.
The factors that ultimately define whether a certain segment can be product led are how tangible the product value is and how long it takes for a user to fully realize the value a product in question brings (“time to value”).
First, the product value needs to be well defined and easy to understand. In other words, a person using the product should be able to easily see the difference between “before” and “after.”
Developer-focused products and tools for technical security professionals have a clear edge here as they solve very specific problems their users’ experience, unlike segments like endpoint detection and response (EDR) that sell “security” in a broad sense. Being able to see the product value is not enough; the speed matters just as much. For example, if it takes months to see that the product has prevented ransomware, it’s unlikely people will upgrade to the paid version after 30 days.
One way to communicate the value of the product is to visualize the metrics describing it best. For example, an antivirus could send a daily notification about the number of viruses removed, while a compliance management tool can offer a dashboard with the number of compliance violations detected during the week.