Valimail today released a
report titled
"Hype,
Hope and Cybersecurity,"
which is based on a survey of 296 IT security professionals about their
views on cybersecurity vendors. The findings reveal a high level of skepticism
due to vague product descriptions, ambiguous statistics, limited ability to
measure product effectiveness, and a general lack of follow-through by the
vendors.
"Trying to hold vendors accountable is difficult," says
Chris Cravens, founding CIO of Uber and Zynga, who now serves as a technology
advisor to various companies and investors. "It is tied to the sensationalism
of product development."
The respondents represent large enterprises with big
security budgets. The report finds that 55% of respondents spend more than
$100,000 on each new cybersecurity tool or solution. While spending is high, so
is dissatisfaction with vendors who simply don't guarantee specific results or
fail to provide adequate, data-driven descriptions of the benefits their
products offer. And it all starts with the sales pitch: 53% of respondents say
most or all vendors rely on unclear, opaque, and ambiguous data. Vendors often
fail to articulate the value of their products and their claims are difficult
to verify. They also fail to keep their promises nearly half the time and
rarely make check-in calls after closing sales.
Other key data points include:
- 42% of respondents say
cybersecurity products deliver value "sometimes," but it is difficult or
impossible to prove that value.
- 44% of respondents say
"most or all vendors obfuscate their tech"
- 47% of respondents say that
vendors deliver on their obligations only half of the time or less.
- 49% of respondents say
vendors share little to no reliable information about product roadmaps.
In other words, they don't share
how far into the future their products will still be relevant in a continuously
evolving cybersecurity landscape.
"Through in-depth conversations with our customers, we
sensed a growing and widespread frustration with the majority of cybersecurity
vendors out there," said David Appelbaum, chief marketing officer at Valimail.
"That is why we decided to conduct this research - to highlight this problem
and call on our peers and colleagues to help change the face of cybersecurity
for the better. This includes eliminating jargon, stating plainly what
customers are buying and what results they can expect, and working with them to
ensure those results are realized. The bottom line is that the industry is not
keeping pace with the bad guys - and that is bad for everyone. At Valimail, we
have always strived for clarity, transparency, and customer satisfaction -
along with a guaranteed outcome: DMARC enforcement."
Based on the research findings, the promise of DMARC
enforcement is a critical one, as 72% of respondents said they are very or
extremely concerned about email-based threats, which remains the leading attack
vector for all breaches. Additionally, 48% indicated they are very or extremely
likely to buy a product that promises to combat business email compromise (BEC)
attacks, a problem that DMARC at enforcement significantly reduces.
To learn more, download Valimail's full report here: https://www.valimail.com/resources/hype-hope-and-cybersecurity/