8 min read

SMB Security Buying: Rational Thinking or Art of Persuasion?

Horatiu Bandoiu

March 14, 2014

SMB Security Buying: Rational Thinking or Art of Persuasion?

This post came as a result of a bet I made recently with one of my colleagues, Shaun Donaldson. The question is if SMB decision makers follow the buying practices of the Enterprise market or not (that process would include information-gathering, analysis, and comparing options in a pure “costs vs benefit” model). The wager I can’t disclose, but I can tell you that Shaun is advocating for people being the most rational creatures on Earth;


So let us explore who is right.

When making buying decisions for technology products, one of the primary assumptions is that it is the fruit of careful and systematic analysis. I hope that it isn’t about the color of the packaging, the shapes, and aerodynamics of the product, or the nice smile of the salesperson.

Those things have little to do with the benefits being sought; and when it comes to buying security technologies that might be essential for your company’s future, we all try to believe that the way things are presented doesn’t outcome product effectiveness. The issue with me is that I question things many times.

Large enterprises have many advantages in these decisions – I have seen recently in a Gartner study that professional technology buyers may become one of the jobs for the future; but is this also applicable to the SMB world?


How important is analysis before buying?


When talking about SMBs, I think that we have to make a primary distinction: small businesses (many of them family-owned) and mid-sized that have more people, more specific needs, and a more impersonal approach when buying technology. In small businesses, the buying decision is more direct, based more on recommendations from trusted people or from the so-called “experts” (I’ve always had a problem with this word’s definition). In most large businesses the process is longer and analysis takes a higher priority.

A 2013 study by Infusionsoft discusses the buying behavior of SMBs when it comes to buying technology - The American Dream: What Really Motivates Small Business Owners - and I think it might give us an idea of how they buy technology and security products. Out of the 1200 US companies questioned, the study finds that they may be divided into four categories:

  • Strivers – are looking for technology to help them overcome challenges and support their business growth; they represented 24% of the total. And when it comes to security technologies that want the cutting edge, magical solutions for all the needs, extensive and effective; eventually all coming from the same vendor. This category is very likely to buy a product for its image.

  • Customizers – the ones that seek a technology to adapt to their needs and existing processes; stand for 29%. For security, as well as for other technologies, they are knowledgeable buyers because they know what they need and they find it by applying a knowledge acquisition process. They read, test, look for opinions, analyze and balance advantages and costs. Hence, they are less likely to buy a speech.

  • Maximizers – use technology to gain differentiators and maximize their resources and create value; their proportion is 23%. They are even more knowledgeable, as they try to transform the new technology they buy into a competitive advantage. In this segment, I think that they choose looking whether any new offer aligns with the strategic goals of their organization.

  • Supporters – they are members of communities and buy technology that meets their specific needs; they represent 24% of the total. The supporters buy technology because it is identified with their cause, their niche, and because everyone in their community has it. Therefore the decision comes from external sources – they ask their peers what they are using, whether it fits and is effective, and seek to buy the same solution. A reasonable conclusion would be that they buy for the image.

Buy for a brand or buy for logic?

Summing up, we have those who buy for the brand and those who buy because they analyze and make an impersonal decision. And the proportion came out to be, in my case 48/52 – I don’t like this result!

This is just the marketing perspective. Someone could be happy with the fact that the rational approach prevails. However, we are talking about security. The 48% may have the luck to trip over the optimal security solution, and we should all be so lucky.

The reality is, based on what I have seen in my past 14 years in this industry, luck is not on the side of anyone. This does, then, raise the question – is it ok to choose your security solution because of the brand? Is it ok to risk your most valuable assets on a name or just because you’ve been using the same thing for several years? The world changes and sometimes famous brands don’t.

A widely known brand is often the fruit of investment in innovation and marketing.  But sometimes, over time, as we look at the big brands, we observe the importance of marketing over innovation.

I invite you to comment with us and share your own experiences. I also invite you to test your assumptions about certain brands. Security is important and challenging all that you are told before making your own decision may be critical for the future of your business. I don’t want to influence you; after all 48/52 is not a bad score, but would you like to be in that 48% that buy a product for its image or in the 52% that analyze test, and choose the right solution for their needs?

Contact an expert




Horatiu Bandoiu

Horatiu B has been in the field of information security for about 14 years, switching lanes between marketing, sales, consultancy and business development. Engineer by formation, he thinks that a diagram says 10 times more than a speech but sometimes you have to employ words in order to describe diagrams. Horatiu’s principal areas of interest are in security management, practices, processes, buying behaviors and psychology.

View all posts

You might also like