IT practitioners are not considering a wide enough range of factors when investing in cybersecurity.
Business objectives were found to be most influential in choosing a specific technology, cited by 73 percent of respondents. Security risk took a close second with 68 percent of respondents, while only 45 percent cited compliance with regulations.
In addition, 64 percent of respondents claimed cost and 56 percent performance and vendor support were the most important factors when investing in security technologies.
Interoperability, proven risk reduction and lack of complexity were not considered as important, with only 39 percent, 11 percent and 8 percent citing them respectively.
Seventy percent of respondents said it was difficult to calculate an accurate return on investment (ROI) for a given security technology, despite
70 percent of survey respondents believing it was a critical metric for investment, alongside total cost of ownership (TCO). Sixty-one percent also claimed the same of TCO calculations.
Some 15 percent of respondents said that their organisations did not use ROI or TCO at all. Of these, 56 percent used improvements in efficiency and 50 percent used reduction in downtime as ways to determine a technology’s viability.
The research suggested practitioners were making mistakes with their choices, with 90 percent of survey respondents saying that their organisation had invested in a security technology that was ultimately discontinued or scrapped before or soon after deployment.
31 percent of security technologies purchased over the past 24 months by organisations surveyed were never fully deployed.
"As cyber threats increase, it is troubling to see so many cybersecurity tools purchased by organisations end up as shelfware," said Greg Boison, director of Homeland & Cybersecurity at Lockheed Martin.
Boison added: "When cyber dollars are scarce, organisations should not only evaluate which tools their enterprise needs, but whether they have the internal and external resources to deploy, maintain and leverage them."
The research polled 618 U.S.-based senior IT practitioners from a variety of sectors, including financial services, the federal government, healthcare, utilities, energy, and pharmaceuticals.