Research finds Security Professionals are Skeptical About Cybersecurity Vendor Claims

New research reveals a high level of skepticism due to vague product descriptions, ambiguous statistics, limited ability to measure product effectiveness, and a general lack of follow-through by the vendors.

The study by Valimail included respondents who represent large enterprises with big security budgets. The report finds that 55% of respondents spend more than $100,000 on each new cybersecurity tool or solution. While spending is high, so is dissatisfaction with vendors who simply don’t guarantee specific results or fail to provide adequate, data-driven descriptions of the benefits their products offer. And it all starts with the sales pitch, the study says: 53% of respondents say most or all vendors rely on unclear, opaque, and ambiguous data. Vendors often fail to articulate the value of their products and their claims are difficult to verify. They also fail to keep their promises nearly half the time and rarely make check-in calls after closing sales.

The study also found:

42% of respondents say cybersecurity products deliver value “sometimes,” but it is difficult or impossible to prove that value.
44% of respondents say "most or all vendors obfuscate their tech".
47% of respondents say that vendors deliver on their obligations only half of the time or less.
49% of respondents say vendors share little to no reliable information about product roadmaps.
In other words, they don’t share how far into the future their products will still be relevant in a continuously evolving cybersecurity landscape.

“Through in-depth conversations with our customers, we sensed a growing and widespread frustration with the majority of cybersecurity vendors out there,” said David Appelbaum, chief marketing officer at Valimail. “That is why we decided to conduct this research — to highlight this problem and call on our peers and colleagues to help change the face of cybersecurity for the better. This includes eliminating jargon, stating plainly what customers are buying and what results they can expect, and working with them to ensure those results are realized. The bottom line is that the industry is not keeping pace with the bad guys — and that is bad for everyone.”

Based on the research findings, the promise of DMARC enforcement is a critical one, as 72% of respondents said they are very or extremely concerned about email-based threats, which remains the leading attack vector for all breaches. Additionally, 48% indicated they are very or extremely likely to buy a product that promises to combat business email compromise (BEC) attacks, a problem that DMARC at enforcement significantly reduces.

ON DEMAND: Business-impacting events such as severe weather, man-made disasters, and supply chain disruption are increasing in frequency and making impacts around the globe.

In today's rapidly evolving security landscape, organizations face an ever-growing array of disruptive events, security threats and risks. Traditional reactive approaches to security intelligence often leave businesses vulnerable and ill-prepared to anticipate and mitigate emerging threats that could impact the safety of their people, facilities or operations.