What are typical cybersecurity sales quotas?

SDR quotas are activity and output-based. Monthly targets typically include: 10 to 20 qualified meetings (Sales Qualified Opportunities or SQOs), 500 to 1,000 outbound touches (emails, calls, social touches), and pipeline dollar value generated. SDR compensation is tied to meetings that convert to qualified opportunities for the sales team. Top-performing SDRs exceed quota by 120 to 150%, earning accelerator bonuses.

Account Executive quotas are revenue-based. SMB AEs carry $500,000 to $1,000,000 annual ARR quotas. Mid-market AEs carry $800,000 to $1,500,000 quotas. Enterprise AEs carry $1,500,000 to $3,000,000+ quotas. Strategic AEs at major vendors (Palo Alto Networks, CrowdStrike) may carry $3,000,000 to $5,000,000+ quotas. These quotas reflect expected new business and often include expansion revenue from existing customers.

Quota attainment rates in cybersecurity sales are consistent with broader SaaS. According to industry surveys, 50 to 60% of sales reps hit 100% of quota in a given year. Top performers (110%+ attainment) represent approximately 20 to 25% of the team. Quota attainment is the primary determinant of compensation: at 100% quota, you earn your on-target earnings (OTE). At 120%+ quota, accelerators multiply variable compensation by 1.5x to 3x.

Quota-setting practices: quotas are typically set annually and may adjust semi-annually based on territory changes or market conditions. New hires usually receive a reduced (ramped) quota for their first 3 to 6 months. Territory assignment significantly impacts quota attainability. When evaluating a cybersecurity sales role, ask about median quota attainment across the team, not just top performers. DecipherU's cybersecurity sales career guides cover compensation structures, quota expectations, and negotiation strategies.