Outbound to a buyer who has heard it all before.
The buyer is technical, the cycle is long, and the room is sceptical. Here's what we've learned about getting in it.
What's specific about cyber buyers.
CISOs and CTOs in UK enterprises hear from twenty inbound vendors a week. The opening lines they pattern-match against are, almost always, vendor pitch. So the campaigns we run for cyber firms speak in problem-language, not product-language. We open with what they're already worrying about (compliance gaps post-NIS2, end-of-life dependencies, supply-chain visibility, post-incident remediation) rather than what we sell.
The technical credibility test is brutal. One sloppy claim and the email is closed before the second paragraph. The messaging has to assume the reader knows more than us about most of the territory, and earn the conversation by saying something specific they haven't heard from a vendor that month.
What works.
The list is small. Typically eighty to a hundred and fifty named accounts per quarter, drawn from a specific subsegment (regulated industries, mid-market enterprises, post-Series-B scale-ups). Volume buys reach; specificity buys replies.
The follow-up is short: three touches, two channels, then stop. CISOs detect cadence pressure faster than any other buyer we work with, and once they shut the door it doesn't reopen. We'd rather lose a possible meeting than burn a possible relationship.
The angle is frequently lateral. Not “we help with cyber” but “we've seen four firms in your bracket get caught out by the same supply-chain misconfiguration this quarter; here's what we found.” That sentence is a real one we've sent. It earns 30-40% reply rates when we use it sparingly.
What doesn't.
Generic “we help with cyber” positioning. Asking for thirty minutes when you can't articulate what they'll learn. Selling a tool when the buyer is buying a posture. Long subject lines, hyperbole, anything that reads as marketing.
The biggest mistake is writing for a marketing audience: bullet points, checklists, “5 things every CISO should know.” Cyber buyers know the things. They want to know what you've seen recently and whether you're capable of having a conversation that goes past the first email.
If you run a UK cyber consultancy, the brief will tell you whether outbound is worth the work.
30 minutes on a call. A campaign brief written for your firm in your inbox within five working days. Yours regardless of what happens next.