Vendors can gain an inside track on understanding security buyer behavior and preferences in the recently released Survey Analysis: Trends in End-User Security Spending, 2018. My colleague Deborah Kish was once again lead analyst and author for the survey, which studied security product buying behavior data from 480 respondents across North America, Europe, and the Asia/Pacific Region. The results suggest a number of opportunities vendors can leverage. Here’s a recap of some of the high-level findings.
Security Budgets and What Gets in The Way?
Respondents, as in our last survey, are optimistic about receiving increased security budgets. But that optimism should be tempered — as we saw in our last version of the study, most expected higher budgets, with those expecting an increase expecting to see rises of over 20%. That’s similar to this year’s results. However, actual increases garnered were only about one-third that amount, suggesting buyers may not get everything they hope to receive.
When looking at the barriers respondents reported in trying to secure budget, there was a mix of good news and bad. The good news is the number of members of senior management — such as the CEO and Board of Directors — interested in talking about security actually rose. The bad news is that security staff feel ill-prepared to have that discussion, at even higher rates than in our last study. Large numbers of buyers reported difficulty in communicating the business value of security and spending on products and programs, and nearly half said metrics for reporting that information were too technical.
Despite the expected increases in budgets, many respondents reported feeling pressure to optimize costs. They report a mix of measures to address that need, including renegotiating contracts, consolidation of vendor portfolios, and shifting to services. The leading measure, by one percentage point, was a plan to reorganize and hire security staff with specialized skill sets. Given the widely reported difficulties in hiring security specialists, than plan may prove difficult to implement. Regardless, it represents an opportunity for vendors able to demonstrate how automated solutions can help support such initiatives, by eliminating routine tasks and making existing staff more effective and productive.
What’s Driving Security Spend?
Not many surprises here. Risk (such as concerns over privacy and data breaches) were noted by just over half of respondents. Business needs (including regulatory compliance) led the list for about one-third, and underlying industry changes (like new technologies and infrastructure changes) were also noted.
What – and How — are Buyers Purchasing?
The survey examined current and planned deployments for nine different security market segments (application security testing and privileged access management were new in this year’s study). Significant opportunities exist across all market segments, although some are beginning to show significant penetration. The data confirmed findings from Gartner’s Annual Global Risk & Security Survey, which showed data and application security are gaining traction among organizations. As those organizations buy, they’re increasingly looking towards service-based offerings (including both SaaS and more traditional managed service options). While exclusive plans for traditional on-premise deployments came in last across the board, a significant number of respondents suggested they’re considering hybrid deployments, reflecting the complexity of today’s IT environment.
Gartner clients can find more details on survey results, and specific recommendations for vendors, in the report Survey Analysis: Trends in End-User Security Spending, 2018. More detailed information can be shared with clients in inquiry sessions.
Read Complimentary Relevant Research
Four Ways for CIOs to Cultivate Digital Dexterity in Leadership and the Workforce
To thrive in the digital era, enterprises need digital dexterity as an organizationwide competency. CIOs can boost their value by developing...
View Relevant Webinars
Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.