Email Security Software Costs Increasing as Cyberattacks Rise

By Kristian Tuinzing

Director of Client Services, NPI

June 29, 2021

Interested in learning more about NPI’s services?

Contact Us

The frequency of headline-grabbing cyberattacks is hard to ignore these days. Enterprise IT security teams and CISOs find themselves under increased pressure to ensure systems are safe – especially email, which remains one of the most common ways hackers infect IT environments. Recent reports from the FBI indicate that criminals are demanding more money than ever in cybercrime heists, and the indirect cost of security breaches continues to escalate. These dynamics are effecting cost increases on email security software – sometimes justified, but often not.

Companies like Proofpoint, Mimecast, and larger OEMs like Microsoft continue to develop innovative solutions to combat persistent email security threats. The solution providers are well aware of the value of the protection they offer and the urgency of the threats. One consequence that NPI has observed as we analyze purchases for our clients is an increase in Secure Email Gateway (SEG) market pricing in recent months.

Below are some tips to help enterprises keep email security software costs in check as they fortify their IT ecosystems.

Be Wary of the Value of New Technologies

Secure Email Gateways (or SEG) like those from market leaders Proofpoint, Mimecast, and Microsoft have long been the standard when it comes to enterprise email security software.  More recently, emerging technologies like AI-centric Cloud Email Security Supplements (CESS) from firms like Abnormal Security and even Cloud Access Security Brokers (CASB) from providers like Netskope have started playing in the secure cloud email space, adding new layers of protection to existing systems with little impact.

This means that email security is beginning to consume additional budget, and vendors know these solutions are in high demand as more security layers become standard for enterprise email. These are high margin software solutions, and NPI cautions firms to see if they’re paying prices that are above fair market value. One common problem we see is that buyers “love the tech” and communicate that to vendors early in the purchase process, tipping their hand and giving away leverage.

For Financial Services, Special Requirements Drive Over-Charging

The financial services industry has unique email governance challenges such as regulatory compliance around record keeping.  Features like support for different compliance standards that must be adhered to in different global geographics are a valuable selling point.

This is another case where NPI sees that vendors know there is a special need, which can cause prices to skyrocket if a vendor knows they’ve effectively “won the business” in any negotiations.

Security Training Is A Good Value-Add

NPI sees more and more enterprises considering solutions that are geared towards testing and preparing employees for real world phishing attempts that slip through automated email security gateways. Hard protection is key, but NPI suggests firms make sure it is supplemented with security awareness training to maximize value and efficacy.

While Proofpoint, Mimecast, and other providers can fulfill these needs, NPI suggests also looking at specialized vendors like Cofense (fka PhishMe), KnowBe4, and Wombat Security (now owned by Proofpoint), among others. This is an important component of any complete email security stack, especially as ransomware attacks become more prevalent.

Involve Competition When Purchasing or Renewing Email Security Software

While NPI recommends considering competitive elements in any major IT purchase or renewal, positioning alternatives is especially key around email security software solutions and awareness training. NPI finds in many cases that redundant solutions can be in place to cover different aspects, so vendors are typically more sensitive if they know there are multiple providers competing for the same business. Some enterprises favor a centralized approach, but it’s important to position at least some degree of uncertainty and doubt in any major spend.

Microsoft is an important competitor at the moment even if customers are not using its advanced email or ATP solutions. The vendor continues to invest in email security via acquisitions and organic R&D, and its presence in nearly every enterprise makes Microsoft a worthy competitive threat. Even if Microsoft’s solutions aren’t favored internally, positioning Microsoft against other vendors in email security plays can be an effective move given the company’s ubiquitous presence.

As always, conducting IT price benchmark analysis is one of the most effective ways to keep a check on any area of IT spend that’s in high demand – whether it’s for shiny new tech or a renewal of an existing solution. In both cases, pricing is notoriously inconsistent in the current SEG market and the risk of paying more than you should is high.

Have questions about email security software pricing? Let us know.