While software procurement can be expensive, time consuming, and pose financial risks, choosing not to develop security programs poses a more readily apparent security risk. That risk comes atop the risks of an expanding attack surface. If managing financial risk comes at the expense of implementing security programs for business-critical applications, the security risk can outweigh the immediate costs. Security is a top priority for businesses of all sizes. According to the survey, 50% of respondents said that the kind of security a software has is very important (the highest percentage of any consideration), and 88% say the kind of security the software provides is either important or very important. 97% of respondents involve a security stakeholder in the software purchasing process and more than four out of five consider a vendor’s history with breaches when evaluating new tools. Many companies have been forced to rapidly adapt to support remote and hybrid work environments. They’ve also been managing growing data security and privacy compliance requirements. Countless factors have spurred the need for numerous additional security initiatives despite a major shortage of skilled cybersecurity workers across the world. But despite the clearly significant value placed on security as a concept, the survey showed adoption of proper security procedures is not where it needs to be. There was no change in the average overall percentage of respondents who said their company requires a security or privacy assessment when purchasing software (83%). Fewer than one in four respondents who conduct security assessments involve information security (infosec) teams for conducting security or privacy assessments when evaluating software. Security innovation is outpacing adoption More than four out of five buyers consider a vendor’s history with security breaches when evaluating software. 2022 G2 Software Buyer Behavior Report 12
Software Buyer Behavior Report 2022 Page 11 Page 13