Gartner: Most businesses are dropping security vendors to improve cyber resiliency

A series of digital padlocks layered on top of each other

Many global organisations are actively trying to reduce the number of cyber security vendors they rely on in their technology stacks.

In total, 75% of organisations responding to Gartner’s research survey expressed dissatisfaction with their overall security posture as a result of relying on products from too many vendors.

The percentage of organisations looking to homogenise their security stack is up by 29% compared to last year’s results with the primary reason being to improve security, rather than budget restrictions.

Another of the main reasons why the figure has jumped in 2022 is that organisations report wanting to reduce the complexity involved with learning, using, and managing all the products they own.

“Security and risk management leaders are increasingly dissatisfied with the operational inefficiencies and the lack of integration of a heterogenous security stack,” said John Watts, VP analyst at Gartner. “As a result, they are consolidating the number of security vendors they use.”

“Cost optimisation should not be the primary driver for vendor consolidation,” he added. “Organisations that look to optimise costs must reduce products, licenses and features, or ultimately renegotiate contracts.”

For those who said they were not currently considering consolidating their security vendors, the two main reasons for the decision were time constraints and the partnership between them and the vendor being “too rigid”.


Cyber resiliency and end-user performance

Reduce risk and deliver greater business success with cyber-resilience capabilities


Gartner’s analysts highlighted solutions such as extended detection and response (XDR) and secure access service edge (SASE) as some ideal starting areas to begin consolidating vendors.

“Security and risk management leaders must consider XDR and SASE as compelling options to start their consolidation journey,” said Dionisio Zumerle, VP analyst at Gartner. “SASE provides secure enterprise access, while XDR focuses on detecting and responding to threats through increased visibility on networks, cloud, endpoints, and other components.”

Gartner reported that 41.5% of survey respondents plan to have adopted SASE solutions in their organisations by the end of the year, and 54.5% of respondents plan to have implemented XDR before 2023, too.

Most organisations (57%) also report being able to resolve security issues faster after implementing XDR and a similar proportion said SASE simplifies policy management while improving security.

“Security and IT leaders should plan at least two years for consolidation as it takes time to effectively consolidate and consider incumbent vendor switching costs,” said Watts. “It is also important to anticipate vendor merger and acquisition disruption as the security market is always consolidating but never consolidated.”

Connor Jones
News and Analysis Editor

Connor Jones has been at the forefront of global cyber security news coverage for the past few years, breaking developments on major stories such as LockBit’s ransomware attack on Royal Mail International, and many others. He has also made sporadic appearances on the ITPro Podcast discussing topics from home desk setups all the way to hacking systems using prosthetic limbs. He has a master’s degree in Magazine Journalism from the University of Sheffield, and has previously written for the likes of Red Bull Esports and UNILAD tech during his career that started in 2015.