Should security vendors offer product guarantees?

A new Vanson Bourne survey of 500 businesses in the UK, US, France and Germany revealed that nine in ten companies want to see IT security vendors offer a guarantee on their products and services, and 85 per cent claim they would change providers if they could find an alternate IT security vendor who offers a guarantee.

An earlier survey revealed that whilst 85 per cent of businesses globally use antivirus products on all their company endpoints, 48 per cent admitted that their organisations had still fallen victim to a ransomware attack.

53 per cent believe that security vendors are losing the battle against cyber criminals, illustrating the level of despondency amongst users. Similarly, almost eight in ten respondents (79%) profess that if security vendors were confident in their products they would guarantee them.

The common reaction of businesses to the failure of traditional security tools to protect them against data breaches has been to turn to mitigation rather than defence. Cyber insurance companies have been one of the beneficiaries from this approach, with 15 per cent of companies claiming to have taken out cyber insurance to help mitigate the cost of attacks.

The impending EU GDPR regulations and the threat of fines of up to €20 million, or 4 per cent of turnover is causing another 52 per cent of those that don’t currently have insurance to investigate the possibility.

US companies are much more likely to already have cyber insurance in place than European ones; 72 per cent of organisations globally already possess cyber insurance, but just 49 per cent of UK companies have such policies, representing a lucrative new business opportunity for the insurance sector.

“This survey should be a wake-up call for the security industry. It has long been an anomaly that security vendors have avoided shouldering any part of the blame when products don’t work, when in most other businesses product guarantees are the norm. Taking responsibility when security technology fails would prevent vendors focusing on sales and marketing hype that give businesses a false sense of security. It would also encourage the industry to stop selling snake oil and ensure that security technology innovation keeps pace with that of fraudsters and cybercriminals,” said Tony Rowan, Chief Security Consultant at SentinelOne.

Original article

Shares