Can You Have the Highest Price and the Largest Market Share?
In the coming months, both Symantec and Microsoft are scheduled to release new products aimed at improving computer security. Symantec’s Norton 360 is slated to sell at $80 per license. Microsoft’s OneCare, an add-on to their new Vista operating system, has a list price of $49 but often sells through retailers at a mere $19. In other words, Symantec’s Norton 360 is expected to sell at an average pocket-value price that is three to four times greater than Microsoft’s OneCare.
As of November 2006, the prior versions of their security-software products earned Symantec a 62% market share compared to Microsoft’s 1.6% market share according to NPD, a market research firm. (The balance of the market was held by McAfee, Trend Micro, and other firms.) Forward looking statements by most analysts, including yours truly, believe that Microsoft will not significantly chip away at Symantec’s lead in 2007.
Combined, these facts indicate that Symantec is expected to sell a product at 3 to 4 times the price of a Microsoft product in the same category and is expected to capture 30 to 40 times the market share. Moreover, since the product is software, it is a product with virtually zero marginal production cost therefore all price differences directly contribute to gross margins.
How can Symantec be priced so much higher and yet still capture the lion’s share of the market? There are two key factors that enable Symantec to wield both price and market share power over Microsoft, both of which are derived from the nature of risk management markets.
First: Risk Management Markets Are Driven by Trust
Customers buying security-software are participating in a class of markets that can best be described as risk management markets. Risk management markets encompass insurance markets, safety related markets such as first-aid kits and child safety products, and many other protection related products. At a basic level, customers in risk management markets are buying something to either prevent a bad thing from happening or to mitigate the problems which arise when something bad happens.
At the time of purchasing a risk management product, customers are making a trust based decision, one in which they know that their product may have no use today but will faithfully meet their need during a crisis at some uncertain time in the future. When that “bad thing” happens, customers will turn to their purchased risk management product and expect a solution. If the product fails to deliver a solution that adequately mitigates the problems incurred, customers will quickly distrust it and spread the news of its failure as well.
In this respect, Microsoft and Symantec differ largely.
Over the past decade, most customers have learned through experience that their Microsoft operating system and other Microsoft products will fail. Even though this failure is often related to another problem, such as malicious software or faulty hardware, customers have a hard time disentangling the fault of the problem and the actual Microsoft program being affected. As a result, customers have had 10 years of training to not trust the security features of Microsoft.
In contrast, Symantec has built a reputation in the market of identifying and mitigating new threats to our productivity with computers. Through their rapid dissemination of press releases announcing new threats, the development of new protocols of delivering updates to thwart those threats, and the expansion of their security suite to address new risks, customers have come to believe that Symantec, and their like minded market competitors, are trustworthy in managing risks.
Note, I am not commenting on the technical merits of the new products from either Symantec or Microsoft, only on the perceived value of these two brands in the area of risk management. Also, in the area of security-software, which is a risk management market, Symantec’s independent watchdog status enables it to position itself as providing a more trustworthy solution than Microsoft.
Second: Feature Differentiation is Easy in Risk Management Markets
Beyond issue of trust created through branding and experience, risk management products can also be differentiated in the old fashioned manner, the actual product can be different.
It is easy to differentiate offerings in risk management markets simply by changing the bundle of threats that the product is aimed at mitigating. For health insurance markets, this may mean the size of the deductible, co-pay, prescription medicine plan, covered treatments, maximum payout, etc. For car insurance, this can mean the issue of liability only or full coverage, size of deductible, expected time to be out of a vehicle, availability of a replacement vehicle, etc. And, for security-software, there is anti-phishing, anti-spam, anti-malware, anti-fraud, and not to mention old fashioned anti-virus. Moreover, each of these specific threats, in whichever risk management market you choose to explore, can be addressed in a number of different manners, each with a different associated cost and effectiveness in addressing the risk.
In other words, it is probable that the fundamental products by Microsoft and Symantec will differ in terms of their features and resulting benefits as well. However, I currently have no evidence of any technical differentiating points. Thus, while feature differentiation is probable, it would be purely speculative and therefore improper for me to make further comments on this issue at this time.
Microsoft is the Odd Man Out, But for How Long?
The above analysis clearly indicates that Microsoft has been the odd man out in the security software market and that there are some significant hurdles for it to overcome before it can begin to lead. Can it overcome these hurdles? Maybe.
On both issues of trust and differentiation, patience and continued product development can prove to be Microsoft’s savior and Symantec’s threat. If Microsoft is able to encourage trial by offering their product at a lower price, and if Microsoft is able to produce a product with similar or better features at mitigating risks, then it will be possible to turn the tide of public opinion in Microsoft’s favor. Why, because trust is a learned behavior built through experience. Low prices encourage trial and a good product delivers the kind of experience build customer trust.
Brian Hall, general manager of product management at Microsoft, is quoted as positioning their intentions in the security-software market as “We certainly aspire to be number one.” Yet, as this analysis points out, that is probably just talk at this point. After all, no-one pays a product manager to say “we are not doing very well in this market and we don’t expect to do much better next year.” Yet, continued investment and effort can correct any discrepancies in the Microsoft product. But are the rewards worth the costs for Microsoft? And, to Symantec, Trend Micro, and McAfee, how much time do you give Microsoft before they either figure it out or exit? And, how can you accelerate your pace of improvement so as to widen the gap and encourage their exit?
- Mark Boslet, “Microsoft, Symantec Get Ready for a Showdown”, Wall Street Journal,14 December 2006, p B4
- Market share data is for the US consumer security software market.