Thought leadership is an incredibly powerful tool that every expansion stage software company should harness. It’s relatively inexpensive and, if done right, can brand your company as a market or industry expert. Scott Maxwell
Joel Kurtzma, presently a Senior Fellow at the Milken Institute, coined the term “Thought Leader” in 1994 while serving as Editor-in-Chief of Strategy + Business, a Booz Allen Hamilton magazine. Thought leader was used to designate interview subjects for the magazine who had business ideas that merited attention.
Tracy Sestili, CEO and Founder of Social Strand Media, lists 21 Definitions of Thought Leadership in a recent blog post. While “Thought Leader” and “Thought Leadership” have been devalued to the state of business jargon in many applications, I agree with Scott Maxwell’s description, quoted in the introduction of this post.
I have used thought leadership was a foundational element of effective marketing programs for emerging growth products at software companies to help facilitate a turnaround and profitable exit, to grow revenue and increase enterprise value, and to raise equity funding and generate demand. Here are my basic principles for developing and executing a successful thought-leadership program for an innovative software product, along with three case studies.
Thought Leadership Principles
A thought leader is an individual, while thought leadership is about a firm or company. My experience, and the following principles, are about establishing thought leadership for a company in order to accelerate growth during an expansion phase. As such, thought leadership is strongly associated with Crossing the Chasm from early adopters to the early majority (mainstream acceptance).
- Thought leadership to fuel growth during an expansion phase must describe technological innovation that contributes to business value, not just an abstract concept or altruistic idea. Therefore, it must be consistent with development and deployment of a real product or service.
- However, thought leadership is not self-serving product or service propaganda. Rather, it thoughtfully examines the business problem, and prescribes how innovative technology or innovative application of technology can be applied to solve the business problem.
- White papers are a primary content vehicle for examining the business problem and prescribing how innovative technology or innovative application of technology can be applied to solve the business problem.
- While traditional marketing channels, such as advertising, and new marketing channels, such as blogs, can help communicate thought leadership content, the primary channels are industry analysts and industry/business media.
- Thought leadership can involve more than one spokesperson, however, the message delivered by everyone must be consistent, and everyone must have some level of credibility in his or her understanding of the business problem and application of technology to solve the business problem.
A New Information Security and Fraud Management Category
The situation was precarious when I arrived at Covelight Systems in April 2005. Although the company had developed a superb technological approach that passively monitored Web application traffic, compared user activity from the most recent session with historical activity, and alerted security personnel to anomalies in user behavior that indicated fraudulent access, it had generated only $40,000 in revenue since the launch of its product in June 2004. The slow adoption was largely because the technological approach was new, and not recognized as an established information security category. The company had burned through its initial equity financing, and was bootstrapping operations through bridge loans from investors who had abandoned hopes of a high-multiple exit, and simply wanted to recover as much of their investment as possible.
The initial goal was to focus the company’s marketing, which had been highly diffused, on the most promising market. Several high profile security breaches had led the Federal Financial Institutions Examination Council (FFEIC) to recently issue an update to its guidelines on online customer authentication by financial institutions. This was the external driver that we used to focus our technical solution on a value proposition (fraud detection and regulatory compliance) for a specific application (online banking) in a highly regulated market (financial services). The low cost of a thought leadership strategy fit our small marketing budget, and we targeted two relatively inexpensive channels: analyst relations and media relations.
How to Create a New Technology Category with Gartner describes how we created new information security categories: Transaction Anomaly Detection with Gartner and Online-Fraud Risk Monitoring with Forrester.
In an October 2005 research report "Regulators Tell U.S. Banks to Adopt Stronger Risk-Based Authentication," Gartner stated that banks must protect against all types of fraud, including insider theft and online banking, and that “The best defense is a transaction anomaly detection system that compares incoming transactions with profiles of what is expected from the user.” Gartner indentified Covelight Systems as a provider of transaction anomaly detection systems, and predicted quick adoption of this new technology saying that “about 65 percent of all U.S. banks will use transaction anomaly detection and user profiling systems by the end of 2010.”
We also worked with TowerGroup and Javelin Research and Strategy, leading research and consulting firms focused on the financial services industry, to establish Covelight Systems and its new technological approach as a customer authentication technique that helped financial institutions meet FFIEC regulatory requirements. Here are some of the results:
TowerGroup identified Covelight Systems as a vendor at the intersection of fraud detection and information security in its 2005 report “Taming the Hydra: The Emergence of Enterprise Fraud Management in Financial Services.” A TowerGroup analyst stated that “session monitoring is an approach that can identify behavior that is uncharacteristic for a specific user or that typically leads to fraud,” and that “Covelight is ahead of the curve in many instances because they address the problem by monitoring activity.
Javelin Strategy and Research included Covelight Systems in a 2006 report “Beyond FFIEC Compliance: Creating an Evolving Authentication Platform for Higher Lifetime Consumer Value.” The comprehensive assessment of online financial institution authentication solutions identified Covelight as a best of breed “session-risk assessment” vendor in its recommendations of the best solutions and providers for adapting current authentication systems to be more robust, FFIEC compliant, cost-effective and customer focused.
In conjunction with the analyst strategy, we wrote two white papers that provided the core content for our thought leadership media strategy. The first white paper “Properly Preparing for the Second Wave of Privacy Protection Regulations,” described how financial institutions were now responsible for protecting the non-public personal information (NPPI) of customers, with fines and penalties of institutions did not comply with security regulations. It recommended a comprehensive NPPI data security policy that included monitoring and comparing user activity to identify unusual and suspicious behavior as it occurs for risk-based authentication to meet FFIEC regulatory compliance.
The second white paper, “The Cost of Data Security Breaches and Identify Theft,” aggregated available third-party expert information and cost data from:
- Abbreviated Survey of 2005 Identity Fraud Survey Report, Javelin Strategy and Research (2005)
- Lost Customer Information: What Does a Data Breach Cost Companies?, Ponemom Institute LLC (November 2005)
- The Economic Impact of Cyber Attacks, Congressional Research Service Report to Congress (April 2004)
This allowed us to quantify the frequency of occurrences and cost of data security breaches that involved the loss or theft of customer and consumer NPPI.
The combination of content from these two white papers allowed us to position ourselves as knowledge experts and thought leaders in:
- The total and component costs of data security breaches and identity theft.
- The inherent vulnerabilities of web-based applications, such as online banking, for fraudulent access.
- The FFIEC requirements for financial institutions to adopt additional risk-based authentication beyond the traditional two-factor approach of ID and password.
- The application of our new technique for risk-based authentication that meets FFIEC regulatory requirements.
In addition to using these assets as part of our direct marketing program, we used the content, along with customer case studies, to power our media relations program.
Prior to my arrival, Covelight Systems had targeted online and offline information security media, such as SC (secure computing) and Infosecurity. While we continued to target these media, we focused more on media for the financial services industry, especially Bank Technology News (BTN)—an online and offline publication of American Banker, a leading business and industry publication, focusing on innovative technology for financial services.
We condensed content from the first white paper, and placed it as a bylined, contributed article entitled “Securing Web Apps Protects Data Behind Them.” Although I wrote the white paper and article, I had Benjamin Robinson, a member of our advisory board, review and serve as coauthor of the white paper and article, because he added credibility and stature due to his strategic privacy roles, including chief privacy officer (CPO), with MasterCard and Bank of America.
With the cooperation of a customer, we were able to secure an article the following month, written by a BTN reporter, entitled “Unusual Behavior Is On The Radar At First Citizens [Bank].” Chip Wentz, SVP of information security at First Citizens Bank, described why and how Covelight Systems was selected. We were also able to direct the reporter to an analyst at TowerGroup, who contributed to the article, and I was able to draw on information form the second white paper and add hard data on the costs of security breaches.
In April 2007, Radware acquired Covelight Systems for $16M. A major factor in the successful turnaround was deployment of an enterprise-scale solution that helped secure a major deal with BB&T—the nations 11th largest financial holding company—in January 2007. Paal Kaperdal, BB&T Senior Vice President of eBusiness said, “Our interest is first and foremost to protect our users and to mitigate fraud.”
Covelight had successfully established its technological approach as a recognized solution for fraud detection and regulatory compliance in online financial applications. The news release announcing the deal included the following:
“With regulatory and compliance issues of FFIEC and others, banks and financial institutions are taking steps to protect their clients information as well as their own business data,” explained Avivah Litan, VP and Distinguished Analyst covering Security and Privacy for Gartner Group. “Having real-time data feeds to quickly identify potential fraudulent activity enables enterprises to take immediate action, which can be important when trying to stop criminals from doing further damage.”
In Case Study 2, I'll describe how thought leadership helped a life science software company build its brand, generate revenue and increase enterprise value.