Valimail Research Finds Security Professionals are Skeptical About Cybersecurity Vendor Claims

Survey Shows More Than 50% of Enterprise IT Pros Say Cybersecurity Vendors Use Unclear and Ambiguous Data to Peddle Products

SAN FRANCISCO, Dec.  17, 2019 — Valimail, the leading provider of identity-based anti-phishing solutions, today released a report titled “Hype, Hope and Cybersecurity,” which is based on  a survey of 296 IT security professionals about their views on cybersecurity vendors. The findings reveal a high level of skepticism due to vague product descriptions, ambiguous statistics, limited ability to measure product effectiveness, and a general lack of follow-through  by the vendors.

“Trying to hold vendors accountable is difficult,” says Chris Cravens, founding CIO of Uber and Zynga, who now serves as a technology advisor to various companies and investors. “It is tied to the sensationalism of product development.”

The respondents represent large enterprises with big security budgets. The report finds that 55% of respondents spend more than $100,000 on each new cybersecurity tool or solution. While spending is high, so is dissatisfaction with vendors who simply don’t guarantee specific results or fail to provide adequate, data-driven descriptions of the benefits their products offer. And it all starts with the sales pitch: 53% of respondents say most or all vendors rely on unclear, opaque, and ambiguous data. Vendors often fail to articulate the value of their products and their claims are difficult to verify. They also fail to keep their promises nearly half the time and rarely make check-in calls after closing sales.

Other key data points include:

  • 42% of respondents say cybersecurity products deliver value “sometimes,” but it is difficult or impossible to prove that value.
  • 44% of respondents say “most or all vendors obfuscate their tech”.
  • 47% of respondents say that vendors deliver on their obligations only half of the time or less.
  • 49% of respondents say vendors share little to no reliable information about product roadmaps.

In other words, they don’t share how far into the future their products will still be relevant in a continuously-evolving cybersecurity landscape.

“Through in-depth conversations with our customers, we sensed a growing and widespread frustration with the majority of cybersecurity vendors out there,” said David Appelbaum, chief marketing officer at Valimail. “That is why we decided to conduct this research — to highlight this problem and call on our peers and colleagues to help change the face of cybersecurity for the better. This includes eliminating jargon, stating plainly what customers are buying and what results they can expect, and working with them to ensure those results are realized. The bottom line is that the industry is not keeping pace with the bad guys — and that is bad for everyone. At Valimail, we have always strived for clarity, transparency, and customer satisfaction  – along with a guaranteed outcome: DMARC enforcement.”

Based on the research findings, the promise of DMARC enforcement is a critical one, as 72% of respondents said they are very or extremely concerned about email-based threats, which remains the leading attack vector for all breaches. Additionally, 48% indicated they are very or extremely likely to buy a product that promises to combat business email compromise (BEC) attacks, a problem that DMARC at enforcement significantly reduces.


The survey was based on 296 responses from a broad cross-section of company sizes and revenues and eight industry verticals, including federal and state and local government, technology services, finance, education, manufacturing, medical and health care, legal/real estate and retail and wholesale distribution. Among respondents, 40% hold data and cybersecurity job titles of director or above. The survey was conducted in October 2019 by C.A. Walker Research Solutions.

Get started for free
with Monitor

Start your path to DMARC enforcement with a panoramic view of the traffic being sent on your behalf.
No trial offers, credit cards, or obligations.

Explore all Valimail
has to offer

Go one step further than visibility…Take action! Reach DMARC enforcement faster. Stay compliant with evolving sender requirements. All while protecting your brand.

Phishing and BEC protection starts with your domain — verify your DMARC status with the Valimail Domain Checker.