Slicing the SMB Pie 🥧: Market Segmentation Decoded
Moving Beyond 'One Size Fits All' 👔: Embrace a Vertical Market and Skills-Centric Method. Ready to "make the cut" in cybersecurity?
Hello Everyone,
I hope you are doing well and not suffering too much from the world's heat waves since June. This week, I'll try to bring some fresh air from a Cyber Builder's perspective!
If you haven't read my first piece on SMB and Midmarket cybersecurity, please check it out. In it, I shared the story of a CEO of a 200-person business built over 20 years nearly destroyed by a ransomware attack. I argued that while we must continue raising awareness about cybersecurity in this domain, we should only expect some to be an expert. The whole industry needs to mature.
This week I am continuing that SMB series discussing the market opportunities and the challenges of segmenting it. It is material to get it right for Cyber Builders. Next week I’ll focus on the need for more security services that small and medium businesses could leverage.
Before we go, may I ask for a favor? Please share Cyber Builders around you. If each of you shares with two contacts, we will grow exponentially! Just hit the share button or forward this email to a business contact or a colleague. Thanks in advance.
My survey is still running for its LAST WEEK. Please answer a few questions and help me plan the next post.
What is SMB in numbers?
An interesting study has been published about the IT needs of SMB markets. Let's take a look at the takeaways.
Small and medium-sized businesses (SMBs)—comprising of 1 to 300 employees—represent nearly the entirety of globally operating firms, and their contribution to society and the global economy is significantly immense. Currently accounting for 99.9% of all businesses worldwide, the number of operational SMBs hit 344 million in 2021 and is projected to grow to 366 million by 2026. This vast majoritarian influence in the business sphere makes SMBs not just driving forces of industrial innovation and economic activity but also essential socio-economic pillars across both high-income and middle-income markets.
At the heart of these societies, SMBs contribute 61% of the GDP in high-income and 45% in middle-income markets. Beyond the economic contributions, SMBs are also pivotal job creators, representing over 50% of global employment—a noticeably higher impact within middle-income markets.
SMBs are increasingly recognizing the pivotal role that technology can play in achieving their business goals. The top three ways SMBs now anticipate technology to bolster their business ambitions cover diverse yet interrelated aspects of operations:
Increasing operational efficiency,
Enhancing sales and marketing efforts,
Improving customer retention.
These three dimensions collectively account for a significant 96% of the pursuit. More interestingly, while a majority of SMBs acknowledge the importance of technology in realizing their objectives, a crucial 16% view technology as nothing short of essential for the survival and growth of their business. With such a rising dependence, the intersection of technology and business operations in SMBs will likely emerge as a crucial area to observe and understand.
SMBs are often the springboard from which multinational corporations emerge—consider giants like Amazon, Apple, Google, HP, and Microsoft.
Small is not equal to Big.
It may be evident to everyone, but a small and medium-sized enterprise is, first and foremost, a small team. When the entire company represents 50, 100, 200, or even 500 employees, specific paths quickly become imperative to the economy and survival of these businesses.
Most of the team is working to serve the business of the company. If you are a small manufacturing company, the core workforce works within your factory, producing goods, and the other part is your sales team building a revenue stream.
Consequently, support functions, such as IT, HR, and Finance, are limited in size. There are certainly dedicated professional like accountants or IT sys admin, but the size of these team are limited.
If we zoom in on IT, SMBs typically employ IT generalists to manage their technology. This IT staff is focused on the day-to-day operations. The core of its job is IT support and ensuring that the existing software applications and systems (servers and networks) are running smoothly… Which too often doesn’t generate a lot of burden for this team.
So you might wonder how big these teams are. I would argue that you will find 1 IT leader as soon as you reach 50+ employees and then 1 IT “support” person per 100 people. These are rules of thumb, and based on the IT requirements of each business, it won’t be one-size-fits-all. Still, it illustrates how small IT teams in an SMB are.
Even if you consider the more prominent businesses - often called Midmarket, from 500 people to 5000 people, you will end up with less than 15 to 20 people on an average team, managing thousands of servers and applications. It is not like one IT person can look at each of his resources daily. He needs to rely on automation and alerting to stay on top.
Cyber Builders need to structure their moves.
Many cyber builders plan to send their products and services to the SMB market. They see a lot of opportunities and a large market size. They believe that serving a large market will help them sell more. On the other end, enterprise software sales look complex, so they default to SMBs.
I think this is a huge mistake. Looking at too large markets, you don't understand them and end up building a strategy you can't execute. It will be difficult to have accurate metrics, and the size of this market is so broad that your teams will struggle to target customers and nail down specific messages and value propositions.
Every startup is small at the start. Every monopoly dominates a large share of its market. Therefore, every startup should start with a very small market. Always err on the side of starting too small. The reason is simple: it’s easier to dominate a small market than a large one. If you think your initial market might be too big, it almost certainly is.
This quote from Peter Thiel's book “Zero to One” perfectly highlights the need to focus on a narrow market initially. This implies that Cyber Builders must segment the market and target ideal customer profiles for their business.
For example, if you claim that your product simplifies UI and you will serve the SMB market but are unclear about your target customer or in which specific market you operate, it will be challenging to grow your sales. You must answer questions like Does your product target manufacturing, retail, or other industries? What skills do your target customers have? Answering these questions is mandatory to build an accurate operational, financial, sales, and marketing plan for your business.
Remember, SMB by itself means nothing. It is not a target nor an ICP.
Cyber Builders must reflect on these questions when building their product and service strategy. You will face many issues while segmenting, starting with choosing the wrong axis, like size.
The Lure of Segmenting Organization by Size
You may be tempted to use the typical segmentation by company size, as the economist or public statistics organizations do.
In the EU, an SME (Small and Medium-sized Enterprise) can be defined based on two main factors: staff headcount and either turnover or balance sheet total. Generally, a micro-enterprise has less than ten employees and less than €2m turnover or balance sheet total, a small enterprise has less than 50 employees and less than €10m turnover or balance sheet total, and a medium-sized enterprise has less than 250 employees and less than €50m turnover or balance sheet total.
Next is the large and sometimes very diverse mid-market, with companies of different sizes. The first segment would be from 250 to 1000 employees, then from 1000 to 5000 employees. Finally, beyond 5000 employees, it is generally considered a large corporation.
In the US, a small business has fewer than 500 employees, while a medium-sized enterprise has between 500 and 999 employees. The above study from Microsoft takes the 300 hundreds of people mark as a threshold to define a company as an SMB.
All of these definitions are somewhat limited and related to cybersecurity. Economists and public statistics organizations typically use the definitions of small and medium-sized businesses mentioned above for general studies. It is a straightforward, unbiased way to put into bins the companies of a country or a continent and may not be the best indicator for cybersecurity needs.
Look at Vertical Markets, where Use Cases are.
Cyber Builders should analyze the vertical market they want to serve before developing products and services for small and medium-sized businesses. In today's rapidly evolving digital landscape, cybersecurity product developers must shift their focus toward vertical market segmentation.
Why? Vertical markets allow for a more specific and tailored lens through which cybersecurity needs, and threats can be accurately identified and addressed. Companies operating within the same industry - or vertical market - often share similar business structures, regulatory challenges, customer profiles, and cyber vulnerabilities. Companies in the same business are looking at the same use cases. Use case “solutions” are what Cyber Builders are selling either as an intrapreneur, a sales, or an entrepreneur.
By focusing on a vertical market approach, cybersecurity product builders can specialize their solutions to suit the unique needs of each industry sector. From Healthcare to Finance, Education to Real Estate – each industry has its own set of cyber threat landscapes. By honing in on these distinctive parameters, cybersecurity providers can deliver highly relevant and compelling products specifically designed to address the nuances of each sector's risk profile.
For example, if you work as a defense or banking contractor, your cybersecurity budget will likely be higher than that of a business of the same size or number of employees. So looking only at the number of people or the turnover may not be the best option.
So, in essence, switching focus to vertical market segmentation provides an opportunity not only for targeted product development but also fosters an environment for enhanced customer trust due to an increased understanding of their specific operational challenges and requirements.
Understand the skills present within your customer organization.
Aiming the lens of segmentation onto the organizational structure, skills, and resource availability within customer organizations can offer unique insights for cybersecurity product builders. The structure and skillset of an SMB's security team can significantly differ from that of a larger organization, thus driving different needs and usage patterns for their cybersecurity tools.
When entering the discussion on large corporations, the image conjured is often that of a CISO leading a battery of dedicated professionals. The extensive team might include roles such as a security architect, analysts, incident response experts, and a robust IT department to manage miscellaneous technical duties. This vast architecture provides depth and segmentation of roles, ensuring meticulous attention to each facet of cybersecurity.
However, let’s shift our gaze to small to medium-sized businesses (SMBs), where this landscape changes dramatically. In SMBs, the 'team' typically narrows down to a one-person band juggling operational tasks and security projects. Their smaller scale does not enable role diversification experienced in larger companies.
Conclusion
In conclusion, navigating the geography of the SMB cybersecurity market can be a labyrinth filled with nuances and complexities. The SMB sector is diverse, representing different industries, various employee sizes, unique business structures, and distinctive threat landscapes. Cyber Builders need to segment this market with care and precision, focusing on vertical markets and understanding the structure and skills within customer organizations.
Expecting every small or medium-sized enterprise to become a cybersecurity expert overnight is unrealistic. But these businesses deserve security tools designed with them in mind—affordable, accessible, and adapted to their reality.
Cyber Builders have an opportunity and a responsibility to build such tools.
Next week’s installment of our SMB series, we’ll dive deeper into specific areas where SMBs could leverage more robust security services. You won't want to miss it!
Before then, though, please continue to share Cyber Builders with your networks and colleagues—the cybersecurity world is vast, and we all benefit from ensuring as many viewpoints are considered as possible.
Thank you for being here with us in our shared journey toward creating a safer cyber world. Stay safe!
Laurent 💚
Read « I am *not* saying »
Hi. I am saying that one business must focus only on one vertical but every cyber business must segment by vertical... to understand the specifics of their users and buyers.
Around me I have two example of companies that are targeting verticals:
- one is doing SMB in manufacturing, reselling various software and delivering services inc cyber
- another one is a software editor for accountants who built up firewall and endpoint managed services. As they know well how the accounting sector buy products and services and operate, they are very successful
I’ll cover more in the next post