Vendors often talk big when describing how their cybersecurity products will help keep your data safe. Now, new research suggests that buyers take these claims with a big pinch of salt. A survey sponsored by email protection company Valimail found a healthy dose of skepticism among cybersecurity customers, especially when it came to verifiable facts.
Companies spend lots on new cybersecurity solutions. More than three quarters of the 296 respondents spent more than $50,000 per annum on new cybersecurity products, with 27% forking over more than $250,000 each year. A large proportion of them are laying down this budget without sufficient proof that the products work. More than half (53%) criticize vendors for using unclear and ambiguous data that makes it difficult to verify claims about their products.
Companies also find it difficult to work out for themselves whether those products are delivering real value, with 42.6% having to do considerable work to prove it. A small number, 6.8%, said that they can’t prove it at all.
What’s causing this problem? The Valimail report raises several key issues. One of them is over-enthusiastic vendor marketing littered with hyperbolic jargon. The hype sounds great on paper, but once the product is installed the buyer (who expected it to solve all their problems) realizes that it falls short of expectations.
Vendors don’t help their own cause here, because they often let customers down with a lack of follow-through support. When a customer is spending that much money, you’d hope that a vendor would provide a contractual guarantee that they will achieve measurable benchmarks. In practice, this happens less than half the time according to 47.4% of respondents.
Neither do customers provide an adequate picture of where their products were headed. Only 10.5% of respondents felt well informed about their vendor’s product road map, which makes it difficult to build those products into a cohesive ongoing product strategy.
One of the contributing factors here is probably the aggressive churn that we see in the cybersecurity sector. A security vendor may begin with the best of intentions, but when another company acquires it in this fast-moving business, plans naturally change, and yesterday’s hot product development area becomes tomorrow’s shelfware.
Customers face several challenges. They must hold vendors to account (or at least prepare to cope with situations where the vendors aren’t accountable), and they must be prepared to plug any gaps by combining multiple products into a single solution. That means integrating multiple products into a workable security stack and operating it as a cohesive whole, even when a vendor’s plans change.
Ideally, customers should work with an integrator who will help them build different cybersecurity products into the rest of their infrastructure and work out how to derive the best value from them. This is still a young industry, and while many vendors will tell you that their product is a panacea, it will take work to bridge the gap between marketing and reality.
