CISOs want measurable results, survey shows

Cover report reads "Hype, hope and cybersecurity: are your vendors meeting their obligations".

Enterprises tend to spend a lot on cybersecurity. So you’d think they’d be insisting on — and getting — measurable results.

It’s not necessarily so. According to a survey of almost 300 IT security executives conducted by SC Media and research firm C.A. Walker, cybersecurity vendors often fail to articulate the value of their products and tout claims that are difficult to verify. They also fail to keep their promises nearly half the time and rarely make check-in calls after making sales.

Scroll down for an infographic summarizing the results, or click here to download the full research report, which includes 8 pages packed with data as well as actionable advice from CISOs and CIOs.

Overpromising and under-delivering

According to the CISOs and security executives who filled out the survey, vendors overpromise in the sales pitch, fall short in customer relations, and often fail to deliver measurable value once the product is deployed.

And it all starts with the sales pitch: 53% of respondents say most or all vendors use unclear, opaque and ambiguous data. Even after the client buys a product, they cannot be sure if it works as advertised, or they have difficulty demonstrating that there is actually a measurable return on the investment.

Of those surveyed, 42% say cybersecurity products do deliver value — but it is difficult or virtually impossible to prove that value.

Broken promises are not uncommon. Some 35% of those surveyed say cybersecurity vendors deliver on their obligations less than half the time. What’s more, it is not clear if the products delivered today will still be relevant tomorrow; 49% say vendors share little to no reliable information about product roadmaps.

What CISOs want

The survey indicates that corporate security leaders have one big ask: Integrate cyber tools with existing security information and event management (SIEM) systems, so they can start to stitch together disparate and inadequately supported cyber tech and the voluminous data it tends to generate. Nearly three-quarters of respondents, or 71%, say vendors providing APIs or other ways to integrate their products with SIEMs is very or critically important.

Additionally, 76% say compliance with relevant open standards is a very important or critical criterion.

And 69% expect their cyber vendors to play a significant role in contributing to the overall security ecosystem.

The path forward

Although this research shows that cybersecurity vendors have disappointed or even alienated some customers, the stark results also point to a way forward:

Put all those promises of cybersecurity effectiveness into writing — in the contract.

If you’re not getting measurable results, or your vendor isn’t willing to manage to a measurable target, you deserve better.

Valimail is the leading provider of sender identity-based email security solutions. Find out how Valimail delivers measurable results for email security — and a DMARC enforcement rate that is verifiably better than any other vendor in the industry. Contact us today to find out how Valimail can stop phishing and protect your brand.

Cartoon style imagery with highlighted statistics showing how frustrated CISOs are with cybersecurity vendors
