how the security buy goes down 6 30 16_2

1

UBM Technology Group Marketing Research | June 2016

CreateYourNextCustomer.com All rights reserved.UBM Technology Group’s How The Security Buy Goes Down Research, June 2016

2

RESEARCH OVERVIEW

CreateYourNextCustomer.com All rights reserved.

UBM Technology Group’s How The Security Buy Goes

Down research was developed to gain insight into how

security products, solutions and services purchasing

decisions are made.

We contrasted and compared Security Titles and IT Titles

responses on topics like:

• Who is involved at what stage of the purchase process

• Who holds the purse strings

• Who owns and manages what

The results of this survey of 730 business technology

professionals provide marketers with data and insight to

enhance and improve their marketing and targeting

strategies.

METHODOLOGY

• In Spring 2016, UBM conducted

an online survey of business and

technology professionals to

delve into the purchasing habits

of IT security products and

services.

• Final data is based on Security

titles (N=130) and IT titles

(N=600).

• The margin of error for the

security title base of (N=130) is

+/- 8%, and for the IT title base

of (N=600) is +/- 4%.

• UBM was responsible for all

programming and data analysis.

These procedures were carried

out in strict accordance with

standard market research

practices.

UBM Technology Group’s How The Security Buy Goes Down Research, June 2016

3

37%

23%

13%

13%

7%

5%

2%

Director/

Manager Security/

NW Security

Security Staff

Risk/Compliance

Officer/Manager

Chief Security

Officer

VP of Security

Director of

Security OperationsChief Privacy Officer

16%

16%

18%12%

10%

9%

8%

7%4%

RESPONDENT OVERVIEW


Director/Manager of IT

IT/IS Staff

CIO, CTO,

VP of ITNetwork/

System Admin

Software/Web

Developer

Analyst

IT Architect

Other IT

Director of Operations


4

RESPONDENT OVERVIEW


Company Size (# of Employees)

56%29%

15%

49%

28%

23%

1,000 or more100 to 999

Under 100

1,000 or more

Under 100

100 to 999

# of IT Security Professionals Staffed at Company

66%

20%

14%

10 and under11 to 40

41 and over

73%

14%

13%

10 and under

41 and over

11 to 40


5

SECURITY TITLES: REPORTING STRUCTURE


We asked only security titles: Who do you report to?

27%

17%

15%

12%

6%

5%

5%

3%

2%

1%

6%

IT director or manager

CIO or CTO

CEO

CSO

VP of security

Risk/compliance officer or risk manager

Corporate manager

VP of IT

Legal counsel

Chief privacy officer

OtherAlmost half report into IT

22% report into Corporate


6

Determine Need

NO SURPRISE:

When it comes to the 1st four stages of the buying

process, security says security leads, and IT says IT

leads.

Q. Which job function or title would you say is primarily responsible for each stage of a security technology purchase

(regardless of whether that job title describes you or not)? Select one job function for each stage.

PURCHASE PROCESS


STEP 1 STEP 2 STEP 3 STEP 4 STEP 6STEP 5


Corporate executives (CEO, CFO, VP)

7

Define Requirements



PURCHASE PROCESS





8

Develop Vendor List



PURCHASE PROCESS






9

Evaluate / Make Recommendation



PURCHASE PROCESS




Corporate Execs (CEO, CFO, VP)Corporate executives (CEO, CFO, VP)

10

Select Vendor



PURCHASE PROCESS



When it comes to selecting a vendor,

both audiences report that IT Directors

and Managers are highly involved



11

Approval



PURCHASE PROCESS



When it comes to approval, both titles agree:

IT executives take the lead



12

IT is in Control of Security Spending

Q. Who ultimately makes security spending decisions or “holds the purse strings?”

PURSE STRINGS



13

43%of security vendor

decisions are made by a formal committee

Q. Who is on the vendor selection committee? Check all that apply.

SECURITY PURCHASES BY COMMITTEE



14Q. Who initiates RFPs for security tech purchases? Check all that apply.

SECURITY RFPS – WHO’S INITIATING?



15

MOST IMPORTANT PURCHASE DRIVERS


On the Same Page

Q. What are the three most important drivers behind security purchases in your organization?


16

IT FOCUSED ON LONG TERM INFRASTRUCTURE


Most of our security purchases are

designed to solve a specific problem we

are experiencing at the time.

Most of our security purchases

are driven by a longer-term

IT architecture/plan.

I believe my company’s IT management

understands the current security threat

and makes educated decisions.

46%

53%

49%

36%

57%

53%


17

SECURITY PRODUCTS ON THE DOCKET


Firewalls 54%

Endpoint protection (antivirus, antispyware) 47%

E-mail security/spam filtering 42%

Data loss prevention 41%

Intrusion prevention/intrusion detection 40%

Log analysis/Security event management/security

information management39%

Data encryption 37%

VPN 36%

Security analytics 34%

Patch management 33%

Vulnerability assessment/penetration testing 31%

Gateway antivirus/antimalware 29%

Identity management 29%

Advanced threat prevention tools 26%

Web application firewalls 25%

Wireless security enforcement 24%

Tools/services for securing data in the cloud 23%

Managed security services or security consulting services 22%

Mobile device/application management 21%

Portable-device security 16%

NAC 13%

Firewalls 57%

E-mail security/spam filtering 48%

Endpoint protection (antivirus, antispyware) 47%

Data encryption 42%

VPN 41%

Data loss prevention 34%

Intrusion prevention/intrusion detection 33%

Gateway antivirus/antimalware 30%

Wireless security enforcement 28%

Mobile device/application management 26%

Identity management 25%

Patch management 25%

Log analysis/security event management/security

information management25%

Security analytics 22%

Web application firewalls 22%

Vulnerability assessment/penetration testing 22%

Tools/services for securing data in the cloud 21%

Advanced threat prevention tools 20%

Portable-device security 17%

Managed security services or security consulting services 13%

NAC 9%

Q. What security technologies or solutions has your organization recently purchased or do you plan to purchase in the next 12 months? Check all that apply.


18

SUMMARY – How the Security Buy Goes Down


Why Security Vendors/Marketers Need to Reach

and Engage with Both Security and IT

Professionals

• Security and IT pros report that both teams are

actively engaged throughout the security

purchase process

• Both security pros and IT pros report being

involved in the early- to mid- stages of the

purchase process – make sure you’re engaging

with both targets early to be considered in the

later stages

• IT leads the way when it comes to the final

steps of the purchase process: vendor selection

and final approval/authorization

• IT holds the purse strings when it comes to

security solutions

BOTTOM LINE: YOU CAN’T BE AT THE END OF

THE FUNNEL IF YOU’RE NOT AT THE

BEGINNING OF THE FUNNEL.


Appendix

20

SOCIAL MEDIA


81%

21%

27%

81%

32%

24%

20% 28%

16% 21%

Q. Which of the following social media do you currently use for work-related purposes? Check all that apply.


how the security buy goes down 6 30 16_2

Documents