What are typical cybersecurity sales quotas?

SDR quotas in cybersecurity are activity-based with revenue-influence components. Per RepVue 2024 SDR benchmarks across cybersecurity vendors, monthly targets typically include 10 to 20 qualified meetings (Sales Qualified Opportunities, SQOs, or Sales Accepted Opportunities, SAOs depending on the company), 500 to 1,000 outbound touches across email, phone, and social channels, and pipeline-dollar generation contribution tracked alongside meeting count. SDR compensation ties to meetings that convert to qualified opportunities for the AE team and to deals that ultimately close. Top-performing SDRs exceed quota by 120 to 180 percent, earning accelerator bonuses that often push OTE into the $130,000 to $160,000 range at growth-stage cybersecurity vendors.

Account Executive quotas are revenue-based and scale with segment. Per RepVue 2024 cybersecurity AE quota data: SMB AEs carry $600,000 to $1,200,000 annual ARR quotas. Mid-market AEs carry $1,000,000 to $1,800,000 quotas. Enterprise AEs carry $1,500,000 to $3,500,000 quotas. Strategic and Global Account AEs at the largest cybersecurity vendors (CrowdStrike, Palo Alto Networks, Cisco Security, Microsoft Security, Zscaler) carry $3,000,000 to $10,000,000 plus quotas covering 5 to 25 named enterprise accounts. Quotas typically reflect a mix of net-new ARR and expansion ARR; the split varies by company stage and territory maturity.

Sales Engineer and Solutions Architect quotas typically track AE quotas because SEs pair with AEs on opportunity execution. Customer Success Manager and Account Manager quotas track gross retention and net revenue retention metrics rather than raw ARR. Renewals roles carry renewal-rate targets (95 to 99 percent gross retention at mature enterprise vendors) plus expansion-revenue targets. Channel Account Managers carry partner-sourced revenue quotas.

Quota attainment rates in cybersecurity sales align with broader B2B SaaS distributions. Per Salesforce State of Sales 2024 (sample 5,500 plus sales professionals globally) and RepVue 2024 quarterly attainment data, roughly half to three-fifths of B2B sales reps hit 100 percent of quota in a typical year. The top quintile (110 percent plus attainment) earns accelerator bonuses that compound variable compensation. The bottom quintile typically generates performance improvement plans and turnover. Per RepVue 2024 cybersecurity-specific data, attainment ranges have tightened slightly in 2023-2024 compared to the 2020-2021 peak, with median attainment landing closer to the 50 to 55 percent band.

Quota attainment is the primary determinant of compensation. At 100 percent quota, you earn your on-target earnings (OTE), with base salary at typically 50 to 60 percent of OTE for AEs (40 to 50 percent for SDRs because outbound roles run heavier-variable) and variable at the remaining 40 to 50 percent. At 120 percent plus quota, accelerators multiply variable compensation by 1.5x to 3x; the slope of the accelerator curve varies by company. At sub-70 percent quota, most cybersecurity sales orgs initiate performance improvement plans within 2 to 3 consecutive quarters of underperformance. Top quartile reps in any given year often earn 1.8x to 2.5x their OTE through accelerators and overperformance bonuses.

Quota-setting practices and ramp policies. Quotas are typically set annually with the fiscal year (often February or April starts depending on the vendor) and may adjust semi-annually for territory rebalancing or major market shifts. New hires receive ramped quotas for the first 3 to 6 months: typical ramp at cybersecurity vendors is 0 percent quota in month 1, 25 percent in month 2, 50 percent in months 3-4, 75 percent in month 5, and full quota by month 6. Some Enterprise AE roles run longer ramps (9 to 12 months) reflecting longer sales-cycle timing. Territory assignment significantly impacts attainability; reps inheriting underdeveloped territories often need 2 to 3 quarters to build pipeline before close-rate normalizes.

What to ask when evaluating a cybersecurity sales role. Ask about median quota attainment across the team in the prior 4 quarters, not just top performers. Ask about ramp policy specifically: when does the rep hit full quota, what is the OTE during ramp, what are the milestone bonuses. Ask about territory carve and how it has changed in the prior 2 years (frequent reshuffling signals territory-quality problems). Ask about pipeline coverage expectations (3x to 5x quota pipeline coverage is healthy; below 2x signals demand-generation problems). Ask about average deal size and median deals-closed-per-quarter at the rep grade you would join. Ask about expansion-revenue weighting in the quota.

Honest tradeoffs. High-quota high-OTE enterprise roles produce the highest compensation ceiling but the longest sales cycles and the highest variance year-over-year. SMB and mid-market roles produce more consistent attainment patterns at lower comp ceilings. PLG and expansion-heavy roles produce the most predictable income but with lower absolute ceilings than strategic enterprise. The right role depends on personal risk tolerance, financial obligations, and career stage. Avoid roles where median team attainment runs below 40 percent; this signals quota inflation that produces high turnover and burnout. DecipherU's cybersecurity sales career guides cover compensation structures, quota expectations, ramp policies, and the diligence checklist that experienced sales leaders use when evaluating new opportunities.