Security is now the most influential factor in business software selection
With cyberattacks dramatically increasing over the last two years, Capterra surveyed business software buyers to find out if this affected their purchase decisions—and the impact was even bigger than expected. The survey revealed that security is now the single most crucial factor when searching for new software.
Not functionality, not ease-of-use, and not even price—security.
For those of us in the security field, this might feel like vindication. Businesses are finally prioritizing security and taking it seriously. While it could be that everyone has suddenly had an epiphany, it’s more likely that companies have been worn down by an onslaught of increasingly severe security threats over the last several years.
Cyberattacks Growing More Effective
Threat actors have grown more organized, patient, and ruthless in recent years making their attacks more effective than ever before. Take ransomware which has rapidly evolved from a straightforward, generally indiscriminate scheme into a highly targeted strategic attack that commonly incorporates elements such as data theft and DDoS attacks to add pressure and force victims to the bargaining table.
Massive software supply chain attacks such as SolarWinds, Log4j, and MOVEit have also exemplified the move toward more effective (and efficient) attacks. Instead of going after individual companies, attackers have realized that getting a single foothold in the software supply chain can result in access to the networks of hundreds, or even thousands, of companies.
Likewise, the humble phishing email has also become more effective, maintaining its status as a premier source of malware infection and credential theft. The age of poorly worded mass phishing emails has given way to spearphishing campaigns that target specific organizations using advanced social engineering techniques and leveraging multiple communication channels.
By now, most companies have been impacted by a significant cyberattack, and business leaders are keeping these experiences front-of-mind when shopping for new software. But what exactly are business software buyers looking for?
Companies Seeking Protection from Emerging Threats
Back to the survey, Capterra finds that the most wanted security features among business software buyers are data backups, security notifications, and data encryption.
Against rampant ransomware, it’s perhaps no surprise that data backups rank as the top must-have security feature. Data backups are critical for any modern business and help protect against threats such as cyberattacks, hardware failures, and natural disasters.
However, companies might develop a false sense of security when using SaaS providers, assuming that their data is safe and backed up in the cloud. This is not necessarily the case. Even if a vendor does offer backup protection, it’s worth considering a dedicated SaaS backup and recovery service for added security.
The second most desirable feature is security notifications. Businesses are looking for software that proactively alerts them to security threats such as network intrusions, compromised credentials, or needing to update a device. Ensuring that your software provider furnishes alerts helps to save your company precious time and react quickly to threats.
A key tool to protect sensitive information and mitigate data breaches, encryption ranks as the third most sought-after security feature. It’s essential for business software buyers to verify that data will be encrypted both at rest and in transit and to understand which protocols are used.
Buyers Demanding Stronger Authentication Measures
So, you’ve found it, the most impregnable application ever created with all the security features imaginable—now you just need to access it. Authentication will always be a security battleground and Capterra’s report shows buyers are looking for more robust options.
Beyond basic password authentication, more than half of buyers are looking for compatibility with software tokens (i.e., authentication apps). More intriguingly, biometrics and hardware tokens (e.g., USB keys) are being pursued by about 40% of businesses while one in four express interest in contextual/behavioral authentication options.
The increasing availability of (and demand for) strong authentication options along with emerging passwordless solutions like Fast Identity Online (FIDO) in new software products are paving the way to a much more secure future that doesn’t rely on problematic passwords. Still, compatibility with password-reliant platforms and legacy systems will continue to slow the path toward truly passwordless authentication.
Putting a Premium on Secure Software
Of course, there are many reasons beyond cyberattacks why companies are prioritizing secure software including rising regulatory requirements and growing data privacy concerns among consumers. But there is little doubt that an increasingly severe threat environment has hit home for many business leaders who are now willing to pay a premium for security when purchasing new software.
Zach Capers is the senior security analyst at Capterra, the #1 destination for organizations to find the right software and services, so they can save time, increase productivity, and accelerate growth. Formerly an internal investigator at a Fortune 50 company and researcher for the Association of Certified Fraud Examiners (ACFE), his work has been featured in publications such as Forbes, Business Insider, and Journal of Accountancy.