March 24, 2023
Investing in cybersecurity can be costly for organizations but is essential in today’s risky environment. With a myriad of confusing pricing models, determining your cybersecurity spend shouldn’t be another threat. Learn some simple steps to feel more secure in negotiating cybersecurity pricing.
Contact us to further discuss this topic or for questions.
With demand for cybersecurity services skyrocketing in recent years, budgeting decisions have moved beyond IT discussions to C-level conversations by the boards of the largest enterprises.
This focus at the highest levels, along with the rapid evolution of cybersecurity technologies and services, has brought an unintended pain point – unwieldy cybersecurity pricing structures with a great deal of overpricing by providers.
The problem is exacerbated by a few practical issues, including:
- Vendors using different pricing models for the same service: For instance, pricing for Managed Detections and Response (MDR) solutions varies with CrowdStrike and Red Canary having per endpoint pricing, Sophos offering per user pricing, and Rapid7 following an asset-based pricing model
- Inconsistency in defining unit-based pricing metrics: Even for seemingly commonplace services such as security information and event management (SIEM), some vendors consider peak values of events per second (EPS) while others consider average values
- Semi-asset heavy pricing nature: Pricing is frequently a bundled black box with provider-financed licenses for cybersecurity platforms
It is not surprising that most enterprises we spoke with in the last twelve months were unsure whether they had struck the right deal with providers for their cybersecurity spend. Let’s explore this further.
Steps to achieve clearer cybersecurity pricing
Despite the nebulous structures, transparency in cybersecurity pricing can and should be achieved by following these four simple steps:
- Break the black box fee into logical components such as transformation costs, license costs, run fees, and project management office (PMO) charges
- Break the run fee to the lowest unit level, such as per endpoint for antivirus or per IP address for vulnerability management
- Benchmark the run fee pricing at this unit level
- Benchmark pricing of transformation costs, license costs, and PMO charges to achieve maximum benefits
The potential savings that can be realized by going through this process can be substantial, as illustrated in this example of a large natural resources company that had a standalone cybersecurity services relationship with a Tier-1 IT service provider.
The relationship had comprehensive coverage across the security value chain (including endpoint security, host intrusion prevention, endpoint detection and response, identity and access management, cloud security, firewalls, email gateways, network intrusion prevention, security information, and event management).
The provider financed licenses for CrowdStrike and Netskope, while the client financed licenses for other platforms such as Symantec and Palo Alto Networks. The contract had a black box fee model for a defined range of volumes (number of endpoints, firewalls, gateways, EPS, etc.).
Working closely with the client through the four-step process described above, we benchmarked the current cybersecurity spend. As a result, the client locked in a 16% spend reduction at renewal, even though the general pricing trend in the industry was clearly inflationary.
For more cybersecurity pricing tactics to increase contract efficiency and competitiveness, please reach out to [email protected] and [email protected].
Hear from our pricing experts as they discuss recent pricing trends, key tactics enterprises use to keep their software spend in check, and the outlook for software and cloud pricing in 2023 in this webinar, Software and Cloud Pricing and Contract Negotiations: Keep Spend in Check.
