Companies will have to change the way they sell security products, analysts have advised.
The security-selling problem stems from IT staff and management executives holding different views on what constitutes a return on investment (ROI).
"IT and security staff take a broad view of ROI: if you can sleep well at night that's a return on investment," said Tom Scholtz, vice president of security and risk strategies at the Meta Group.
"But for an executive there's a different view. They need to know either: 'How much are we saving?' or 'How much extra revenue will this generate in the short or medium term?'. The channel needs to build cost benefit analysis that merges the two views."
While quantifying some areas of return on a security investment can be difficult, there are metrics available.
Vendors should research solid figures on the specific cost savings that a new product or service will bring and then build in the costs of downtime and long-term damage to brand, without using scare stories.
In the longer term, security companies need to improve their after-sales service. Long-term sales are built, in part, on brand reputation. This, in turn, is built by making sure the product works as promised and maintaining contacts after a sale to show the continuing benefits.
"The biggest challenge for the vendor is fulfilling the promises made years ago," said Jon Collins, associate at analyst Quocira.
"Any sale of a new technology has to be about reducing costs and helping to fulfil the promise of existing IT infrastructure."
10nm Cannon Lake Core i3-8121U CPUs make a rare outing with Intel's NUC mini PC
'Notorious' Australian child hacker thought he had executed 'flawless' hack
The former employee says that Tesla fired him for bringing the accusations to management internally