Enterprise security professionals face a difficult task. The growth of the cybersecurity market has led to increased clutter and overwhelming fragmentation. A new survey of more than 250 corporate IT professionals conducted by YouGov on behalf of HPL Cyber provides instructive insights regarding what buyers care about most when selecting their next cybersecurity vendor. Before we dig into the tips that enterprise security professionals should keep top of mind when seeking out the right vendor, let’s delve into the primary pain points that buyers face.

The Buyer’s Dilemma

Enterprise security professionals are overwhelmed, underfunded and face intense pressure to protect their organization’s assets from evolving cyber threats. Most are concerned about an imminent cyber attack (95%); additionally, more than half of respondents (52%) cite fear of data loss, followed by 37% indicating a loss of reputation. But only 16% claim they purchase cybersecurity solutions after an attack, noting that the cluttered marketplace, being wary of “fast-talking salespeople selling snake oil” and “a lack of product effectiveness and lack of documentation,” as major impediments on the path to purchase.

Additional data insights include:

  • The number one factor when it comes to purchasing cyber security products was brand reputation (41%), which outweighs other factors including cost, expertise and even third-party referrals.
  • Thirty percent of buyers don’t know the name of their current cybersecurity provider.
  • Sixty-eight percent of buyers are overwhelmed by the sheer number of cybersecurity vendors.
  • Thirty-percent of buyers said that a lack of brand awareness is one of the biggest barriers when purchasing from cyber vendors.

The pain points are clear; so what should enterprise security professionals do to ensure they choose the best cybersecurity partner to address their needs?

Questions and tips for finding the right cybersecurity vendor.

  1. Does the vendor understand my pain points?

Buyers’ top three concerns stemming from cyber attacks are: loss of data; loss of revenue; and loss of reputation. It stands to reason that cyber vendors should use these pain points to position their company and product as a solution to your most acute cybersecurity needs. Ask yourself, for instance: Knowing that data loss carries significant reputational implications for enterprises, is the vendor articulating how they would help your businesses to not only protect data, but navigate the fallout in case of an attack?

Vendors that highlight the evolution of sophistication of cyber attacks - particularly around data loss, revenue loss and how it impacts reputation - stand to gain more visibility, recognition and credibility among enterprise security professionals.


  1. Are vendors reaching you where you are?

Enterprise security professionals indicated that when they want to stay abreast of the latest news and developments in the cybersecurity space, they look at the following: articles published in trusted cyber, tech and business publications; industry events/conferences; and thought leadership from product vendors, including case studies and white papers. Let’s consider this in more depth:

  • Thought leadership content that adds real value to security professionals is one of the best ways to build mindshare and credibility. ESPs should actively seek out vendors that take the time and effort to produce content that makes everyone smarter about the collective threats/ vulnerabilities, processes and solutions.
  • Media coverage of a vendor -- whether it be of a product, service or thought leadership -- is a ringing endorsement. ESPs should partner with vendors who are well credentialized  in the media and have gained the respect of journalists and other influencers.
  • Case studies are important and ESPs should demand to understand how the vendor has helped other like-minded companies tackle their cybersecurity problems.

Taking a look at these elements, ahead of a meeting with a vendor, will put you in a much stronger position to make the right decision.

  1. Are vendors giving you what you want?

Even though buyers are afraid of cyberattacks, they indicated that fear-based marketing is not as effective as business-enablement marketing. Specifically, buyers noted that they have purchased cyber products as a result of case studies, conference presentations, webinars, and news articles.

Be skeptical of vendors that frequently employ “doomsday scenarios” and other fear tactics to scare you into buying a product. A natural question that is bound to come to mind: If this vendor is proud of their product and service, then why resort to a form of intimidation instead of letting the product speak for itself? Be mindful of the overeager salesperson that is more interested in notching a sale under their belt as opposed to a thoughtful and nuanced approach that “shows” as opposed to simply “telling.”

Keeps these tips in mind when making your next cybersecurity purchase

Enterprise security professionals are not a monolithic group -- each professional and company possess distinct and overlapping preferences and interests. Yet, the trends and buyer pain points uncovered in our research provide an instructive guide on what to look for when seeking out your next cybersecurity vendor.