Vendor Security And Privacy Assessments Market To See Huge Growth

November 4, 2021
by Merry Marwig, CIPP/US

Security and data privacy are on the minds of software buyers right now, according to G2’s 2021 Software Buyer Behavior Report. Security is listed as the most important factor for mid-market and enterprise buyers when purchasing software, surpassing other factors such as integrations, scalability, and a one-year return on investment (ROI).

top three factors important when purchasing software according to the G2 2021 Software Buyer Behavior Report

Source: G2 2021 Software Buyer Behavior Report 

So if security is now paramount, how are software buyers determining which software or software vendor meets their security and privacy standards? One way to do so is by conducting security and privacy assessments. This, I believe, signals huge potential growth for the vendor security and privacy assessment software market.

Most companies now require vendor security and privacy assessments 

The G2 2021 Software Buyer Behavior Report further states that 83% of software buyers say their companies require a security or privacy assessment prior to purchasing software. Astonishingly, however, more than 40% of organizations in the technology and software industries report that they use manual processes to vet their vendors, according to a 2019 report published by the Ponemon Institute. 

graph depicting survey responses to whether or not companies require vendor security and privacy assessments before purchasing software

Source: G2 2021 Software Buyer Behavior Report 

G2’s survey highlights that 53% of respondents say it takes fewer than three months to purchase software. This raises the question of how well those companies that use manual assessments are actually vetting their third parties when compared to companies that use automated assessment processes. 

Filling out and tracking security and privacy assessments manually can lead to user error, logging of redundant, obsolete, or incorrect information, document version control issues, and wasted time. Companies can automate this process by using vendor security and privacy assessment software.

Benefits of vendor security and privacy assessments include the ability for the company and the third-party vendor to communicate on a shared platform and to access both current and historical documentation, as well as workflow functionality. Other benefits of this software can include security risk scoring. In addition to surfacing risk, this software can help companies quicken their sales cycles, as sales teams no longer have to chase down security and privacy questionnaires to close a deal.

Common features of vendor security and privacy assessment software include:

features of vendor security and privacy assessment software

How vendor security and privacy assessment software products measure up 

G2’s Vendor Security and Privacy Assessment Software category page ranks more than 60 products based on real product users’ reviews. To determine which vendor security and privacy assessment product is the most appropriate choice, buyers can use filters on G2’s Grid reports to filter product comparisons on factors such as company segment, from small business to enterprise, and view live versus trending products.

Return on investment (ROI)

In the Fall 2021 G2 Grid Report for the Vendor Security and Privacy Assessment category, the product that reviewers cited with the fastest ROI was RFPIO with an ROI of 9 months, while the category average was 12 months.

Source: G2 Grid Report, Fall 2021 for Vendor Security and Privacy Assessment Category, User Adoption and Return on Investment (ROI), released September 7, 2021

Reviewer satisfaction

In terms of user satisfaction as measured with net promoter scores (NPS), both Whistic and Drata earned top ratings of 100, showing that their reviewers are satisfied and are promoters of the products. 

NPS measures the satisfaction and loyalty of a company’s customers. A higher score is preferable. Scores in the 0-60 range represent detractors, 70-80 are passives, and 90-100 are product promoters.

NPS scores for vendor security and privacy assessment software products

What are users saying?

I analyzed the likes and dislikes cited in user reviews across all products in the Vendor Security and Privacy Assessment software category. I found that 57% of reviewers specifically cite usability and related terms as important in their reviews. Conversely, only 2% of reviewers mention cost and related terms as a dislike in their reviews. This underscores the fact that user satisfaction is more important than price when buyers are evaluating software options.

Source: User reviews in the Vendor Security and Privacy Assessment software category on usability and cost-related terms conducted in October 2021.

Anticipating growth in the vendor security and privacy assessment software industry 

Vetting vendors is becoming increasingly important for companies given the recent cyber attacks launched via vendor relationships. Examples include the SolarWinds attack and related software supply-chain intrusions. Similarly, a 2021 report noted that 51% of organizations have experienced a data breach caused by a third-party relationship.

To combat vendor-related cyber threats and data breaches, companies like Google, Salesforce, and Okta have come up with a security requirement called minimum viable security product (MVSP) in an effort to establish a baseline minimum security standard for software vendors.

In terms of consolidation in the market, on September 21, 2021, OneTrust, a privacy, security, and governance software vendor, announced its agreement to acquire the vendor security assessment provider Tugboat Logic. I anticipate that other large, well-known security and privacy companies will augment their existing product offerings to include vendor security and privacy assessments, especially with the growing number of cybersecurity threats facing companies, along with regulatory action on privacy regulation violations.

Merry Marwig, CIPP/US

Merry Marwig is a senior research analyst at G2 focused on the privacy and data security software markets. Using G2’s dynamic research based on unbiased user reviews, Merry helps companies best understand what privacy and security products and services are available to protect their core businesses, their data, their people, and ultimately their customers, brand, and reputation. Merry's coverage areas include: data privacy platforms, data subject access requests (DSAR), identity verification, identity and access management, multi-factor authentication, risk-based authentication, confidentiality software, data security, email security, and more.