Before we reimagine anything, we need a shared picture of the current surface — what Norton ships, the health of the brand, the systemic gaps, and the metrics we're trying to move. This is the baseline every prototype is measured against.
Four pillars, organized by the job they do. The footprint is broad — the problem isn't feature gaps, it's that Laura doesn't know most of these exist, and the ones she does use are invisible.
The core antivirus heritage — protecting devices, browsers, and network activity. This is what most customers still think Norton is.
Real-time scanning, threat detection, behavioral monitoring across Windows, Mac, iOS, Android.
Two-way firewall monitoring inbound and outbound traffic for PC and Mac.
Bank-grade encryption on public Wi-Fi, up to 10 devices on top tiers.
Browser extension that blocks malicious sites and warns on suspicious links in results.
Store, generate, auto-fill credentials across devices. Free and bundled tiers.
10–500 GB of cloud storage depending on tier. Ransomware mitigation.
Webcam hijack detection and notification for Windows.
The on-demand diagnostic that checks device health, vulnerabilities, and dark-web exposure.
AI-powered scam detection for texts, emails, and calls. Newer addition.
The reactive identity brand. Monitors for signs of identity compromise and reimburses losses when things go wrong. Strong among Norton's 45+ cohort.
Scans forums and breach databases for exposed personal info — SSN, email, phone, bank accounts.
1-bureau or 3-bureau depending on tier, with real-time alerts on credit file changes.
New account openings, address changes, court records, payday loan applications.
Help canceling and replacing contents if wallet is lost or stolen.
U.S.-based agents who work cases to restore identity if theft occurs.
Reimbursement for stolen funds, personal expenses, and legal fees up to $1M on top tier.
The most recent investment area — removing personal info from data brokers and controlling what's exposed online. Still underutilized by the base.
Scans top people-search sites and flags where personal info appears.
Helps opt out and remove personal info from data broker sites.
Monitors Facebook, Instagram, LinkedIn, etc. for compromised or risky activity.
Anti-fingerprinting technology that blocks websites from profiling Laura's browser.
Tools for the household. The most on-brief for Laura's stated anxieties — but poorly discovered and rarely activated by existing subscribers.
Parental controls — screen time, content filtering, location tracking, school time mode.
Up to 10 devices across a household on Select/Ultimate/Advantage tiers.
Monitors what kids watch on YouTube and Hulu on their devices.
Restricts access during school hours to only approved educational sites.
The newest layer of the Norton portfolio — AI-native capabilities and financial wellness tools that point toward where the platform is heading.
Norton's security-first cloud AI agent platform. Performs tasks autonomously on Laura's behalf — monitoring, responding, and acting with full privacy protection. The infrastructure layer for AI-native Norton experiences.
AI-powered assistant that identifies scam messages, suspicious emails, and social engineering attempts in plain language. Already shipping — underutilised by the base.
Real-time scanning and filtering of SMS messages for scam links, smishing attempts, and suspicious senders. Catches threats in Laura's most trusted communication channel.
Financial health monitoring integrated with the Norton platform — tracks spending anomalies, monitors for financial account compromise, and surfaces unusual activity alongside identity protection signals.
The signals leadership is seeing — from brand perception to product usage to competitive pressure. This is the "why now" for the reimagination.
In a category that has moved toward AI, identity, and holistic "digital life" protection, Norton is still filed mentally under "the thing you installed on your Dell in 2008." The brand has extended far beyond antivirus — but the perception hasn't kept up.
Laura wants it handled — so Norton stays silent. But silence means she never sees the value she's paying for. Engagement is low, perceived value is low, and renewal becomes a quiet negotiation with a charge she doesn't remember authorizing.
Norton's paying base concentrates in 45–65+, with a median HHI of ~$142K. Strong on loyalty, but structurally declining. Younger builder-phase users don't install a security suite — they assume their phone or bank handles it. New acquisition is expensive.
Banks now offer dark web monitoring. Apple offers private relay. Google offers password managers. iOS has on-device threat detection. The standalone security category is being absorbed by platforms — and Norton has to justify its seat at a table that's getting smaller.
Not bugs — structural holes. These are places where Norton could credibly play and isn't, or where the product model doesn't match how Laura actually lives.
Norton sees device signals. It sees identity signals. It sees dark web signals. It rarely connects them. A scam text, a suspicious login, and a new credit inquiry within 48 hours should trigger one unified alert — not three disconnected ones Laura has to piece together.
"Up to 10 devices" is a license count, not a family model. Laura has no view into what's happening on her mom's iPad or her 12-year-old's phone. The product is sold as a family plan but operates as a set of individual accounts.
Genie Scam Protection is a start — but it's still a classifier, not an agent. Laura wants Norton to decide and act on her behalf, not hand her a yellow warning triangle. The brand is positioned for agency but the product is still set up to ask permission.
Every Norton feature is reactive — it alerts on something that has already happened. Nothing tells Laura what to prepare for. She's buying a house, starting a 529, planning a trip — Norton's models know all of this and say nothing about the risks ahead.
Norton Money exists. N360 exists. To Laura they're the same brand, but the products don't talk to each other — a financial anomaly in Norton Money doesn't trigger identity protection in LifeLock. The "one Norton" story is a promise the surface area doesn't deliver.
Upgrade prompts look like storefronts, not recommendations from a fiduciary. "Add VPN for $4.99/mo" doesn't match how Laura thinks about her risks. She wants someone to say "given your situation, here's what you need" — and mean it.
Norton FY25 closed at $1.1B in bookings, +4.5% YoY. The growth story is more complicated than the headline.
+4.5% YoY — driven by add-ons, tier mix shift, and price increases. Not new customers.
Across N360, VPN, VSB, and Mobile entry doors. Partner volume sits at 87.3M — but at much lower per-unit economics.
Top-rated on only 3 of 14 product experience attributes consumers care about. NordVPN leads on 13 of 14.
Across 730K direct units. Site conversion rate: 2.7% on 24.4M annual sessions. CLR spread: 8× from NAVP ($45) to Ultimate+ ($1,187).
The honest read: Norton grew 4.5% in FY25 — but only because existing customers paid more. Entry-tier units grew 5% while bookings fell 3%. The product is better at extracting value from existing users, and worse at winning new ones. That's a finite strategy.
$375M in Norton add-on bookings, growing 30%+ — unloved utilities that nobody markets, growing faster than the core product. Imagine what a Norton-branded scam-defense add-on could do.
The opportunity: 77% of Norton customers sit in the lowest three tiers. Moving Laura just one tier up ($45 → $62 CLR) is worth more than acquiring a brand-new NAVP customer.
Brand health signals, NPS rankings, and the four competitive lanes Norton must answer simultaneously.
BHI Ranking — FY26 Q3
Microsoft, Google, and Apple are all gaining brand health. Microsoft is one point away from passing Norton. The category isn't being eaten by a competitor — it's being eaten by the operating system.
Where it gets uncomfortable: NordVPN ranks 1st in NPS and top-rated on 13 of 14 product attributes. Norton ranks 3rd — top-rated on only 3 of 14. Norton outspends NordVPN on media and holds more market share, and is still losing on the things customers actually rate.
All premium-tier, all pressured by OS vendors. Where Norton has historically competed.
Closing platforms, AI scam detection in calls, SMS, email, and browsers. Not competing — absorbing the category.
VPN and Identity players expanding into full cybersafety suites. The ones actively gaining brand health.
Cybersafety embedded into devices, telcos, and banks. The channel that doesn't need brand recognition.
The strategic question: Norton has historically competed in one of these lanes. The reimagination needs to credibly answer all four — at the same time.
Norton 360 — the core business. The most commoditized JTBD on the page.
Norton Genie Scam Protection — no standalone P&L yet. The highest-anxiety JTBD for Laura.
Norton VPN, PMA, AntiTrack. Growing but underdifferentiated.
N360 with LifeLock, Secure Identity. The highest CLR on the page — and the least developed surface.
The reframe: 80% of Norton's revenue ($1.7B) sits in the most commoditized JTBD. The two jobs with the most upside together generate less than $400M. The reimagination has to shift the revenue mix as much as the product mix.
A 3-tier mandate-based model is one of the locked outcomes of this sprint. Current SKUs will be mapped here once the tier framework is settled.
This section will hold the three-tier pricing framework once the sprint team locks it — priced to match Laura's willingness-to-pay for mental-load relief.
The North Star and supporting metrics this sprint's winning concept will be measured against. To be finalized with Travis.
This section will hold the metric framework once it's agreed. Likely candidates include weekly active households, Laura-verified satisfaction score, tier-upgrade conversion, and 12-month retention delta versus the current experience.