Why do companies buy security technology? It seems like a harmless enough question, and the obvious answer would seem to be that companies buy security technology to protect themselves and their users.
But the larger question of when companies buy security technology is tougher to answer. This week, security vendor FireEye reported its third-quarter fiscal 2015 earnings and during a follow-up conference call with the financial community, CEO Dave DeWalt provided interesting insight into what motivates buyers.
Part of FireEye's business comes from its Mandiant incident-response division, which has been involved in some of the biggest breaches in recent memory, including those at Sony and Anthem. Apparently, there has been a bit of a slowdown in breaches lately, and that's leading to a slowdown in security orders for FireEye.
"After 18 months of elevated—what I call emergency—spending on advanced cyber-security, we're seeing customers take a more strategic approach to upgrading their security infrastructures," DeWalt said during his company's earnings call. "In years prior, it was this—I hate to call it an [oh, no] moment, but it's kind of an [oh, no] moment—and when it happens, they [customers] open up wallets and they change a little bit and the behavior changes."
Basically, DeWalt is saying that organizations have been reacting to threats after they have been disclosed and reported in the media.
DeWalt's comments are not all that surprising, are they? Reacting to threats is built into the DNA of all living creatures as the fight-or-flight response. That is, when encountering a threat, an organism will either fight or run away in order to survive. Given that organizations can't run away, the only real choice is to fight, and the knee-jerk response to fighting cyber-threats often is to acquire new technology and tools to combat cyber-risks.
I have long held [and publicly stated many times] that fear is a primary motivator for the security industry as a whole—fear over being breached and fear of being the next company in the headlines.
The constant stream of breach reports in the media (including here on eWEEK) has had an impact on organizations' sense of fear and impending doom, and apparently that is a business driver for security spending. No one wants to be the next victim, and that drives security spending.
Or, at least, fear has been driving security spending, as DeWalt blamed the recent detente between the United States and China on cyber-security for a slowdown in his company's orders. News of the detente means a potential reduction in risk and perhaps less fear, too—at least for a period of time.
While there is currently a small window of security optimism, the optimism will not impact the continued growth of the security business as a whole.
"Cyber-security will continue to grow; I know it will," DeWalt said. "I think there is some change afoot, and we'll see how long that lasts. Maybe it's just 30 days until the next big headline changes it."