Funnel
- → TPRM deal cycle: 3–6 months (Tech/SaaS), 6–12 months (Healthcare), 9–18 months (BFSI).
- → Champion – TPRM / Vendor Risk Manager, buying committee – CISO, Compliance, Procurement, Risk.
- → The basic layers of the funnel are covered, the main gap is the middle-funnel.
TPRM Deal Cycle
- TPRM deals are long: 3–6 months in Tech/SaaS, 6–12 months in Healthcare, 9–18 months in BFSI.
- The main champion is the TPRM / Vendor Risk Manager; the buying committee is the CISO, Compliance, Procurement, Risk.
- The longer the cycle and the larger the committee, the more important mid-funnel nurturing and proof for each role become.
Funnel Stages
From Awareness to Expansion
- Awareness – the buyer discovers UpGuard through SEO, breach content, LinkedIn, events.
- Consideration – the champion studies product pages, datasheets, case studies, webinars.
- Intent / Evaluation – demo, PoV, ROI, compare pages, customer references.
- Purchase / Expansion – legal, procurement, onboarding, cross-sell to other pillars.
Stage → Goal → Content → Channels
| Stage | Goal | Content | Channels |
|---|---|---|---|
| Awareness | Get on the shortlist | Blog, breach research, summit | SEO, LinkedIn Ads, search ads, Meta/FB ads, remarketing |
| Consideration | The champion understands the solution and use cases | Product pages, datasheet, eBooks, customer cases, webinars | CRM nurture, retargeting, webinar invites, LinkedIn/Google remarketing |
| Intent / Evaluation | Get the buying committee to 'yes' | Demo, PoV, ROI, compare pages, references | CRM sequences based on intent signals, remarketing for demo/PoV, sales touches |
What UpGuard Already Has
TOFU
TPRM blog, breach analyses, UpGuard Summit, LinkedIn breach reports.
MOFU
/product/vendor-risk, Vendor Risk Datasheet, AI in TPRM eBook, customer cases, weekly Product Deep Dive.
BOFU
Demo / free trial, compare pages, customer references, Premium Assurance.
The basic layers are covered–the problem is not the lack of content, but the transition between stages.
The Main Funnel Gap
Today, a user has two paths: a free scan (low intent) or booking a demo (high intent). There is no step in between that helps a TPRM champion build an internal case without talking to sales.
The current PLG (Instant Score, Webscan, Reports) checks one's own domain, while a TPRM champion is thinking about their vendor portfolio. This is a disconnect between the mechanic and the persona.
The solution is a middle-funnel PLG step and a nurture sequence for the TPRM champion. A detailed implementation strategy is in the "PLG Strategy" section.
Nurture Sequence for the TPRM Champion
| Day | What We Send |
|---|---|
| Day 0 | Thank you for the download + soft CTA |
| Day 2–3 | Reinforce the pain point: vendor breaches / Change Healthcare |
| Day 4–5 | Social proof: St John WA case study, specific outcomes |
| Day 7 | Invite to a Product Deep Dive / TPRM Roundtable |
| Day 10–12 | PLG entry point: vendor portfolio snapshot or 30-min consult |
| Later | Based on signals: breach analysis, case study, AI feature, email from an AE |
How the Funnel Changes by Industry
| Industry | Cycle | Specifics |
|---|---|---|
| BFSI | 9–18 months | Longest cycle, strong regulations, long PoV. |
| Healthcare | 6–12 months | Emphasis on patient data, privacy, hospital network use cases. |
| Tech / SaaS | 3–6 months | Shortest cycle, moves faster from proof to demo. |
| Manufacturing | 6–12 months | Greater focus on supply chain and OT/IT risk. |
Breakdown by Industry – Cycle, DMs, and Touchpoints
A PLG step is needed for all industries, but the messaging and proof points are industry-specific. The basic funnel mechanic is common, while the industry-specific layer is a separate content layer. The implementation of the PLG mechanic is in the next section.