CrowdStrike Bashes Action1 Over False Acquisition Claims – A Key Lesson for Cybersecurity Vendors
By Robin Campbell-Burt, CEO at Code Red
I woke up this morning to a post by Gur Talpaz, over at CrowdStrike, calling out Action1 for misleading the media over a potential acquisition. A quick Google search shows they have secured quite a bit of coverage.
This is just the latest example of how vendors try to use ‘potential’ M&A deals to create news, when the substance behind these claims may be rather thin. In this case, it seems to have backfired. So, why do vendors think this may be a good idea?
Image: LinkedIn post from CrowdStrike's VP of Corporate Development
Ross Haleliuk has published a great article that explores the phenomenon of cybersecurity being a ‘silver bullet’ market. In summary, Ross argues that neither the buyer nor seller can confidently evaluate security solutions as there is so much variability in the context of how they are deployed in the real world, and the open-ended battle as malicious actors find new ways to operate.
Therefore, industry participants are forced to make decisions based on other factors that indicate whether a new tool or vendor can be trusted.
So, in much the same way that the power of brand sets out what and who we trust (and purchase) in so much of our personal lives, we can also see the same human buying behaviour appearing in cybersecurity.
The core indicators that are looked for in the industry are broadly the following:
- Background and credibility of the founders.
- The calibre of investors backing the company.
- Analyst firms and what they are saying.
- Public profile, buzz and momentum in the press and amongst influencers.
- Customer logos on the website, references, and case studies.
- Advisory board members with extensive resume experience speaking publicly.
- Peer feedback (word of mouth from other people in the industry).
The unifying theme through all these indicators is that they are evidence that other people trust this vendor to deliver. And if other people trust them, then it is safe to also trust them.
So, a juicy rumour of an acquisition that gets ‘leaked’ to the media is very tempting. It is a statement that an established and trusted brand (CrowdStrike) esteems what you are doing. It also attaches a quantitative figure (valuation) as a signal of a vendor’s scale. Then, by rejecting the offer the founders are creating an even bigger story with their confidence in the future trajectory of the business. All of which generates media attention and boosts reputational brand.
Wiz does have a lot to answer for here. Over the last year or so there have been a few acquisition suggestions aired in the media that amounted to nothing (Google, SentinelOne etc.), each time creating a lot of buzz in the media, brand association with other established companies, and creating the sense of momentum.
Wiz’s subsequent success means we should expect others to copy.
Unfortunately for Action1, it seems that they have overplayed their hand and strayed into just lying to the press.
This is never the way to go as you will be called out for it, which is what has happened here. If you think about it – the name of the game is to build indicators of trust for potential buyers to anchor onto, so how can lying achieve that?
Public relations is about developing these indicators of trust in the market. But it must be based on honesty if it is to succeed.