AI’s effects continue to ripple far and wide in cybersecurity, touching on everything - from the threats organizations face to the tools they use to defend themselves. They are also changing the relationship between security teams and their vendors and, consequently, opening up opportunities that MSSPs should pay attention to.
Among the key trends uncovered in
The Hoffman Agency’s survey, “
Fast Decisions, High Stakes,” organizations are planning to increase their cybersecurity spending in the next 12 months, and many will be looking for a new security tech supplier. In addition, the time between deciding to buy a security product and making the purchase is shrinking.
Organizations are always being warned of new threats, bad actors, and vulnerabilities, but the use of AI in cyberattacks is escalating the situation, the report’s authors wrote. They pointed to
Anthropic’s Claude Mythos Preview frontier AI model and its capabilities to find security flaws and to develop exploits for them.
“Describing cyberthreats as ‘evolving’ is common enough to be a cliché,” they wrote. “But this is different – it could be a revolution. As a result, many organizations will be reviewing their cybersecurity vendors and the solutions they provide and asking some difficult questions of their current providers. They may decide that they need more protection, or even that they need a new provider that can offer better value for money.”
The buying process is changing for cybersecurity providers
The report’s findings, based on a survey of 500 cybersecurity decision-makers in the United States, the U.K., France, and Germany, indicate that 67% plan to grow their security investments, and 62% want to work with a new cybersecurity provider in the next few years. While the top reason for the change, according to 55% of respondents, is to improve how they respond to threats, 38% pointed to the need to secure AI systems.
The buying process is also changing. According to the report from Hoffman, a global B2B PR and tech company, the time from when IT and security executives decide that cybersecurity is necessary to deciding on what a vendor can deliver, purchases take an average of seven months. However, a deeper dive found that 40% are making that decision in three to six months, and another 15% are taking only three months or less. Only 15% take 13 months or more.
“Given the level of investment, these are fast decisions,” the report’s authors wrote, noting that the average cost of security technology spend is more than $770,000.
The MSSP opportunity
The desire to change security tech providers and the speed with which buying decisions are made are two key revenue opportunities, according to
Florie Lhuillier, head of cybersecurity and senior vice president at The Hoffman Agency.
“The fact that 62% of organizations are looking for a new provider or to switch providers in the next year is good news for MSSPs, as those looking to increase sales are fishing in an abundant pool,” Lhuillier told MSSP Alert. “However, what’s even more significant is that 23% of respondents plan to invest in an MSSP in the next 12 months, while 30% are looking to replace their existing one. This represents a direct and immediate commercial opportunity.”
Regarding the compressed buying cycle, she said that “with most decisions made in less than six months, buyers need rapidly deployable, pre-integrated solutions. By bundling the top cybersecurity solutions that organizations want to buy, such as AI security, security operations, and identity access management, into a managed offering, MSSPs will be able to meet buyers’ needs quickly and generate recurring revenue.”
Hunting for strategic partners
The need to respond to threats, secure AI systems, and reduce costs are the key reasons organizations are looking for new suppliers, Lhuillier said. However, technology advances, keeping pace with increasingly sophisticated threats, and responding to an attack are the top three factors in organizations’ drive for new security technology.
“Buyers engaging suppliers early in the process also are reinforcing the shift toward MSSPs becoming strategic partners and driving their adoption,” she said, adding that “65% of buyers make contact with suppliers before the shortlisting phase, meaning they are looking for responsive partners who can help them think through their needs, provide answers quickly, and demonstrate their flexibility and willingness to meet a buyer’s needs.”
The ongoing talent gap in the security industry is also making MSSPs more attractive options. A third of those looking for a new supplier cited the shortage as a key driver.
Be fast, show proof
For those looking for a new supplier, the top reasons they reject a vendor are the lack of evidence that they’ve delivered success for businesses (44%) and slow responses (37%), according to the survey. Given that, it’s important that MSSPs can both respond quickly to organizations’ interests and provide case studies that are specific to the sector in which those organizations are in.
“Analyst and peer visibility is also critical,” Lhuillier said. “Industry analysts and direct peers being mentioned as the top three sources for both awareness and selection stages mean MSSPs need to ensure to be mentioned in analyst reports and peer conversations.” She also noted that integration and getting for the money being spent, even more than cost effectiveness, are the attributes that have the largest impact on buyers’ selections, so MSSPs that sell a unified management platform that is simple and can easily be integrated will have an advantage.
