As global economic uncertainty remains elevated, businesses across the tech sector are feeling the pinch. While the cybersecurity industry is often touted as one of the more resilient markets, it is still not immune to the impact of macroeconomic challenges as customers tighten their belts.
Layoffs among leading cybersecurity vendors have made headlines in recent months, but other indicators, particularly a customer acquisition slowdown, offer additional warning signs that security vendors are facing business challenges.
Cloud security company Zscaler is one of many vendors grappling with a deceleration in billings as its enterprise customers look to cut spending.
In quarterly earnings call last week, executives at the San Jose, California-based vendor revealed that they expect a 9% sequential decline in billings in the coming quarter due to "new customers being more deliberate about their large purchasing decision," according to comments from Jay Chaudhry, the company's founder and chief executive. According to FactSet data, of the 41 analysts who cover Zscaler, 20 lowered their price targets following the call, shedding light on Wall Street concerns over the impact of increased economic headwinds facing the cloud security firm.
Zscaler isn’t the only security vendor finding it harder to lure new customers these days. Okta, a cloud-based identity and access management company, also said in a recent earning call that organizations are becoming more conservative when making long-term purchases, causing the business to shift its focus towards retaining and upselling existing customers rather than acquiring new ones.
One consulting expert who worked with many CISOs further confirmed companies' cut on security spending.
“Many of our clients are talking about budget cut amid the current economic situation, and they are actively looking at ways to achieve their objectives with minimal cost,” said Gerard Onorato, managing partner at risk management services firm Bridge Security Advisors.
Existing customers look to consolidate
Onorato said it is important for security vendors to learn about what CISOs truly need during tough economic times.
That's where understanding vendor consolidation trends in business comes into play, said Fernando Montenegro, a senior principal analyst at tech research and consulting firm Omdia. More and more organizations have shown interest in vendor consolidation over the past years as security leaders are increasingly dissatisfied with operational inefficiencies, while the current economic uncertainty provides added motivation to cut costs. According to tech consulting firm Gartner, 75% of organizations actively pursued vendor consolidation in 2022, compared with only 29% in 2020.
"Managing a large number of vendors is very expensive for organizations, so if you are CISO and are going through a challenging economic time with a tight budget, you are well-inclined to reduce your vendors and collaborate with the ones that can do multiple things," said Montenegro.
Security leaders also tend to favor vendors with broad portfolios of solutions or services, as they can effectively help reduce IT complexity and improve risk posture, said Pamela Fusco, former CISO at Apollo Education Group, Merck Pharma, and Digex.
A joint report by Broadcom Software and Harvard Business Review Analytic Services in 2022 backs that up, showing that 70% of executives worldwide consider IT complexity a growing challenge since 2020, while 85% say addressing it is their top priority. In another survey from Enterprise Strategy Group focused on technology spending intentions for businesses in 2023, more than a third of respondents cited the "increasing and/or changing cybersecurity landscape" as a top contributor to their IT complexity.
Jon Watts, VP analyst at Gartner, said in a report last year that consolidation should take at least two years as security leaders need time to figure out a way to effectively manage incumbent vendor switching costs. On a positive note for vendors, this gives them more time to adjust their sales strategy and product portfolios.
Besides developing a wide range of high-quality products, Fusco added that security vendors should invest more time and resources into building "person-to-person trust relationships" with companies' executives. This can involve measures like providing consistent monthly reports to security leaders, informing them how the products helped organizations gain greater efficiencies. In this way, CISOs can use the information as references when reporting and negotiating budgets with the board, she noted.
She also highlighted that doing upsell or cross-sell like Okta or providing ramp deals like Zscaler is a smart sales strategy.
"If you [vendors] offer us [CISOs] a little bit more value during our tough times, we are going to come back to you when in better times. That's called a trusted relationship," Fusco said.
