Updated: May 14
Data breaches are striking fear into the minds of technology users, and companies are scrambling to install cyber security to keep them from becoming the next front-page “Hacked!” news story. With so many different cyber threats which all need to be addressed simultaneously, many organizations are opening their checkbooks and rethinking their entire security environment.
Consider the following:
Research shows that the cost to respond to and remediate a data breach averages $4M
The FBI reported a 300% uptick in reported cyber-attacks from 2019 to 2020
Some 63% of organizations that experienced a recent cyber-attack identified the shift to remote working as a leading cause for the uptick
The number of security-related deals at ClearEdge surged 33% in 2020, and total spend in this segment grew by 69% year-over-year
Cyber security suppliers have capitalized on buyers whose priority is rapid deal execution over getting the best price.
The following chart shows the suppliers with the highest year-over-year increase in case volume that we saw. Notice the significant increases across multiple categories of security solutions, including endpoint security, web and cloud security, network security, identity security, and access management solutions.
Besides the surge of customers rushing to protect their organizations, the other two major trends we’ve observed in the security space are: vendors are hiking prices and pushing multi-year agreements to lock in customers.
Naturally, customers are feeling vulnerable after the FireEye and SolarWinds hacks. Users of these particular solutions are wondering if they should switch to other vendors. Suppliers are taking advantage of this panic and increasing list prices at a higher rate than usual, including Broadcom, Palo Alto and Infoblox. Spokesmen for these companies have blamed the hikes on a “market correction”, and claim they offered discounts that were “too competitive” in the past. And because they are intent on retaining their clients in this extremely competitive space, the vendors are moving away from one-year deals and renewals.
Example: Broadcom and Symantec
Since acquiring Symantec, Broadcom increased prices across the board by roughly 10%. Some clients reported seeing their maintenance renewals double in price. At the same time, Broadcom announced plans to cut about a billion dollars from its e-mail security budget, leaving many customers feeling less than secure. But because Symantec and Broadcom both pushed multi-year terms and subscription licenses, customers typically lack the flexibility to jump to another e-mail security provider, such as Proofpoint.
What Customers Need to Know
There are positive and negative aspects to subscription licensing. On the one hand, this model makes it easy for customers to add on to their original spend. In 2020, most companies had to buy additional licenses to cover everyone suddenly working from home, and the subscriptions model made these purchases simple. On the downside, overbuying is a big risk, because it's so difficult to downsize once you buy additional licenses. We urge clients to insist on contract language that protects against these situations.
We strongly advise clients to include competition in all security deals because rivalries are so fierce among the top suppliers, and there’s a plethora suppliers now chasing market share. This is a highly effective strategy because none of the suppliers offers the most advanced (or easiest to implement) solution in every product category. We’ve seen clients use Zscaler and Proofpoint to successfully compete against Microsoft, and vice versa. Customers are already buying from Microsoft, and many like how easily security items can be added to their current bundles.
A Success Story with Proofpoint
A recent case involved a client who was switching from Symantec over to Proofpoint. In this instance, Proofpoint believed the deal was theirs for the taking, but then the client brought in Microsoft as an alternative. This made Proofpoint feel threatened, and it offered the client the best discounts on their product that we've seen to date. So, even if you’re not actually going to buy from Microsoft, just bringing them in as a threat can cause another vendor to lower its price.
Also, customers should carefully weigh their need for the newest products against the switching costs and commitment levels they entail. Vendors are eager to build momentum around a new solution, and often provide bonuses and commission multipliers around sales of new products. When customers are renewing or buying older products and infer they might need the new products without making a firm commitment, we’ve seen sales reps pivot to include the new products while making the terms on of the deal more attractive. We don't advocate buying products that you don't need, but it is always a good idea to examine if there is a business use case for new products that a supplier might be pushing.
And lastly, customers can use multi-year deals as leverage. If a client is satisfied with their vendor, they should opt a long term deal, because the supplier will offer better discounts when they're able to lock you in for three or more years. In addition to discounts, we’ve seen suppliers offer incentives like price holds, or renewal caps of 0% - 3%, just to lock in a customer for the longer term.
A Success Story with Okta
One client was approaching the end of an existing term with Okta, and the contract stated that they were faced with a 3% price increase on a one-year renewal. There was no net new spend in the renewal – in fact, the client wanted to reduce their annual run rate, and Okta refused this request.
The client didn't have time to replace the Okta solution before the current agreement expired, but they were unhappy with the terms. They told Okta that unless the vendor reduced their price, the client would sign the one-year renewal that was on the table but use that year to migrate to the competing solution from Microsoft. When Okta was faced with the prospect of losing the customer, it backed down the price slightly, offered no concessions on a one-year deal, and asked the client to commit to a three-year renewal for a better deal. The client agreed to consider it, depending on the terms. Okta came back with a three-year renewal that removed the 3% price increase and added a multi-year promotional discount that lowered the client’s annual run rate by 48%.
While this outcome might not be achievable in every deal, it underscores how using competition and being willing to make a long term commitment can create the leverage to turn a bad spend into a smart one.
In closing, we offer you a snapshot of the competitive landscape in the security market today. These vendors are in a constant arms race to launch new solutions and keep pace with their competitors and an onslaught of ever-evolving cyber threats. In other words, the list of top players may be entirely different in next year.
For more information about achieving better outcomes with security suppliers, view our blog titled Leverage: The Key to Every Deal on our website, or contact your ClearEdge representative.
· Cory Ryan and Jake Dannin are ClearEdge Analysts.