Cybersecurity is the hardest cold-calling market in B2B. We have dialed CISOs across three continents for the last two years and most of what works elsewhere falls flat here.

The first 10 seconds decide whether you continue. Here are three opener patterns we run, what they earn, and what gets us hung up on.

Opener #1: The "research-led" open

"Hey [Name], saw you posted last week about your team standing up the zero-trust rollout. Took 2 minutes to look at how you have it scoped against the new APRA CPS 230 controls. Got a quick question on one piece if you have 30 seconds."

This works. Pickup-to-meeting conversion on this opener is roughly 1 in 8 for us when we are dialing CISOs at mid-market AU financial services.

Why it works: the prospect immediately knows we are not a vendor cold-calling against a list of 5000 names. We did the work. The "30 seconds" framing respects their time. And the question hook earns the next 90 seconds.

Why it fails when run wrong: if the research is generic ("saw you are in cybersecurity"), the CISO knows. They hear it 20 times a week. The reference has to be specific to a thing they actually did - a post, a hire, a stack change.

Opener #2: The "permission" open

"Hey [Name], cold call. 30 seconds, then I will go away. We help cybersecurity teams cut [specific thing] - happy to send a 2-line summary if you can ignore the next email I send."

Mixed results. Works for transactional categories (MDR, vuln scanning, awareness training). Fails for anything that requires actual technical engagement.

Why: it asks for permission, which is honest, but it also signals the call is not personalized. CISOs who get 50 cold calls a week pattern-match this as "another vendor doing volume" and check out.

We use it as a fallback when we cannot do the research.

Opener #3: The "incumbent displacement" open

"Hey [Name], heard you are running [incumbent X]. We work with [number] teams who moved off that for [specific reason]. Two questions if you have 60 seconds."

This is the one that bombs.

CISOs are loyal to their stack. The implicit pitch ("you should switch") puts them on the defensive in the first sentence. Even when the displacement story is real, leading with it makes the conversation about your tool instead of their problem.

What works better: ask about their problem first, never mention the incumbent until they bring it up. The displacement happens in conversation 3, not in the first opener.

What actually moves pickup rate

In our data, the variable that matters most is not the opener wording. It is the cadence.

• First touch: 7% pickup rate (CISO at mid-market AU bank)
• Touch 4 (mix of dial, voicemail, email): 18% pickup
• Touch 7: 28% pickup

CISOs do not answer the first call from a number they do not know. Most outbound shops give up at touch 3. We run a 9-touch cadence over 4 weeks. By touch 7 the recipient has heard our name 6 times and is curious enough to pick up.

The opener earns the conversation, but the cadence earns the dial that becomes a conversation.

What to take from this

If you are running outbound into cybersecurity and your meetings have stalled, the diagnostic is usually one of:

1. Cadence too short - give up after 3 touches, miss the conversion at touch 7
2. Opener too generic - "we help cybersecurity teams" is not research, it is a tagline
3. Lead with displacement - puts the buyer on defense in the first line

Fix the opener and the cadence and the meetings come back.

If you want this kind of motion run for you instead of building it yourself, that is what we do.