Improve your hooks

Your ad gets 0.5 seconds of attention as someone scrolls their feed. The hook (opening line) determines whether they keep scrolling or stop to read. Everything else (visual, body copy, CTA) is irrelevant if the hook fails.

Most hooks fail because they're generic ("Looking for security training?"), clever instead of clear ("Your employees are ticking time bombs"), or addressing the wrong belief gap (talking about features when the segment doubts effectiveness).

This chapter shows you how to write and test four hook types (questions, stats, pain, outcome), explains when each type works for different segments and awareness stages, and demonstrates why mobile-first design matters (your hook must work at small screen size).

Question hooks work when the reader immediately thinks "yes, that's me" and feels compelled to keep reading for the answer.

The format: Ask the exact question your segment is already asking themselves. For compliance-driven buyers: "Still using annual security training?" They're already thinking "our annual training is tedious and no one pays attention". Your question validates their concern and implies you have a better way.

For breach-reactive buyers: "Need compliance training set up today?" They're in crisis mode after a breach, thinking "we need this fixed immediately". Your question matches their urgency and promises speed.

For proactive buyers: "Can you prove security training reduces breach risk?" They're building a business case and thinking "I need data to justify this investment". Your question acknowledges their challenge.

Test open versus closed questions. Open questions ("What's your biggest security concern?") invite thought but might not stop the scroll. Closed questions ("Is your team ready for a breach?") demand a yes/no answer and create more tension.

Track CTR by hook type and segment. If question hooks outperform others for compliance-driven but underperform for breach-reactive, you've learned something about segment psychology. Compliance-driven responds to problems they recognise. Breach-reactive responds to urgency and outcomes.

Common mistakes: asking questions they're not asking ("Ready to transform your security posture?" is too vague), asking multiple questions in the hook (creates confusion), using yes/no questions where yes is obvious ("Want better security?" - everyone says yes, so it's not engaging).

Stat hooks lead with a surprising or concerning number that makes people think "I didn't know that" or "that's worse than I thought".

The format: specific number + clear implication. "67% of breaches start with employee mistakes" (problem stat that creates urgency). "£2.4M average breach cost for mid-size companies" (financial impact stat). "Training reduces click-through rates by 47%" (solution stat showing effectiveness).

When stat hooks work: analytical buyers (proactive segment needs data), problem-aware audiences (stat proves the problem matters), solution-aware audiences (stat proves the solution works). Don't use stats for most-aware audiences (they already believe everything, they just need to choose you).

Source credibility matters. "Gartner reports 67% of breaches..." is more credible than "67% of breaches...". Cite your source, especially for surprising stats. If you can't cite a reputable source, don't use the stat.

Test different stat types: problem stats (how big is the problem), solution stats (how well does the solution work), comparison stats (X is 3× better than Y), ROI stats (payback in 6 months). Different segments respond to different stat types.

Proactive segment responds to solution stats and ROI stats (they need proof training works and delivers ROI). Compliance-driven doesn't care about behaviour change stats (they don't believe behaviour matters), but does care about compliance failure stats ("Companies failing audits increased 34% last year").

Common mistakes: using vague stats ("most breaches..." instead of "67% of breaches"), using stats without source (reduces credibility), using stats that aren't surprising ("100% of companies need security" doesn't make anyone think), using stats the segment doesn't care about (behaviour change stats for compliance-driven).

Pain hooks state a frustration or problem the reader is experiencing right now. They work because recognition creates engagement ("yes, that's exactly my problem") and implied promise ("if they're calling out my problem, they probably have a solution").

The format: direct statement of current pain. "Your employees keep clicking phishing emails despite training" (acknowledges their frustration with current solution). "Failed your last compliance audit?" (high-stakes pain, creates urgency). "Security training takes weeks to set up and no one completes it" (operational pain).

Test intensity levels: mild frustration ("Annual training feels like a checkbox exercise") versus urgent crisis ("Your last breach cost £400,000 and could happen again"). Different segments respond to different intensity levels.

Compliance-driven responds to mild frustration about current solutions ("Employees rush through training just to check the box"). They're not in crisis, they're just annoyed. Urgent language feels mismatched.

Breach-reactive responds to urgent crisis language ("A breach is expensive, but the next one could shut you down"). They're in crisis mode. Mild frustration feels tone-deaf.

Proactive responds to strategic concerns ("You're spending £50K on training but can't prove it's working"). They're not in crisis, but they do have a problem (can't justify budget). Match their measured concern.

Track which pain intensity works for which segment. Also test positive versus negative framing in the next section on body copy, but for hooks specifically, negative (pain) usually outperforms positive (opportunity) in B2B. Pain creates more urgency than opportunity.

Common mistakes: generic pain ("Security is hard" - too vague), pain the segment doesn't have (talking about implementation complexity to a segment that values ease), mismatched intensity (crisis language for non-crisis segment), pain without implied solution (creates anxiety with no release).

Outcome hooks promise the specific result the reader wants. They work when the outcome is believable (not hype) and matches what the segment actually desires.

The format: specific outcome + time frame. "Train your whole team in 30 minutes" (speed outcome for breach-reactive). "Reduce breach risk 47% this quarter" (measurable security improvement for proactive). "Meet compliance requirements in one session" (compliance outcome for compliance-driven).

The outcome must match segment beliefs. Compliance-driven wants speed and checkbox completion, not behaviour change. Promising "change employee behaviour in 90 days" doesn't resonate because they don't believe behaviour change is the point. Promising "complete annual training in 30 minutes" matches what they value.

Proactive wants measurable impact, not speed. Promising "set up in one hour" doesn't resonate. Promising "reduce risky behaviours 47% in 90 days" matches what they value (data-driven security improvement).

Test outcome specificity: vague ("improve security") versus specific ("reduce click-through rates 47%"). Specific usually wins because it's more believable and easier to evaluate.

Also test time frames: immediate ("today", "in 30 minutes") versus near-term ("this quarter", "within 90 days") versus long-term ("this year"). Urgency-driven segments (breach-reactive) respond to immediate. Strategic segments (proactive) respond to near-term. No one responds to vague ("eventually", "over time").

Common mistakes: outcomes that sound like hype ("transform your security posture" is too grand), outcomes the segment doesn't want (behaviour change for compliance-driven), outcomes without time frame ("improve security" could take years), impossible-sounding outcomes ("eliminate all breaches" isn't believable).

The hook determines whether anyone reads your ad. Test four hook types systematically: questions (create recognition and nodding), stats (prove scale or impact for analytical buyers), pain (acknowledge current frustration or crisis), outcomes (promise specific results).

Different segments respond to different hook types. Compliance-driven responds to questions about current training and outcomes promising speed. Breach-reactive responds to pain about urgency and outcomes promising immediate deployment. Proactive responds to stats showing ROI and outcomes promising measurable impact.

Test intensity (mild frustration versus urgent crisis) and specificity (vague versus specific outcomes). Track CTR by hook type and segment to identify what works.

Your hook must work on mobile at small screen size. If it doesn't make sense in 5-10 words, it won't work in feed.

Next chapter: improve your visuals to capture attention and support your hook.