Survey Report: "Information Security Product Purchasing Behavior Survey 2026" Published

IT Communications Co., Ltd. (Location: Chiyoda-ku, Tokyo, President: Hiroshi Kato) has conducted the "Information Security Product Purchasing Behavior Survey 2026" and published the results and insights as a survey report.

As cyberattack threats diversify and become more sophisticated, information security in enterprises is growing in importance. However, due to the specialized and complex nature of the products, vendors face the challenge of "how to approach target customers and get them to choose our products."

Therefore, to visualize the realities of purchasing behavior—such as what information sources customers use to advance their consideration when deploying information security products, and what hurdles exist in the internal approval process—a survey was conducted, and a report summarizing the results and insights was published.

Approximately 70% of the projects IT Communications has supported to date involve B2B IT companies, giving the firm abundant practical knowledge in the IT industry. For information security products, which are specialized and prone to prolonged consideration periods, we believed that our strong track record in IT industry support would allow us to visualize authentic purchasing behaviors and provide strategic hints directly tied to solving on-the-ground challenges, which is why we conducted this survey.

We hope this report will contribute to the strategy formulation of marketing professionals handling information security products.

Survey Summary
- Nearly 70% of considerations start due to "sudden/external factors" such as incident occurrences.
- Comparisons are mostly made within "3 companies or fewer." Gaining top-of-mind awareness during normal times is key to making the shortlist.
- Information gathering occurs across various channels, and preferred channels differ by job title.
- The barriers to internal approval are "Return on Investment (ROI)" and "Cost." Visualizing risk is effective in overcoming these.
- The final deciding factor for deployment emphasizes operation-related aspects—combining "reduction of operational load" and "support system"—more than cost.
- Preventing prolonged consideration requires multifaceted approaches tailored to the behavioral characteristics of different "job titles."
- Gaining and maintaining recognition is key to entering the comparison phase of "3 companies or fewer."
- "Risk visualization" and "reduction of operational load" are effective against internal approval barriers.

Survey Overview
Purpose: To provide hints useful for solving marketing challenges based on the actual conditions of information security product purchasers.
Target: Information system managers involved in the deployment of information security products (ages 25-59).
Period: Friday, March 27 to Saturday, March 28, 2026.
Method: Internet research.
Number of Respondents: 542.
Report URL: https://na2.hubs.ly/H05Xs940

Report Content
Survey Overview
Respondent Attributes (sales scale, number of employees, industry, job title, position during selection)

Survey Results
Triggers for starting consideration
Period from consideration to deployment
Annual cost of deployed products
Channels and media utilized for information gathering
Number of services compared
Reasons for selecting product candidates
Deciding factors for deployment
Reasons for not selecting certain candidates
The biggest barriers during internal approval
Effective materials for overcoming internal approval barriers
Expectations for security vendor sales representatives
Content desired in the future

Insights by IT Communications
About IT Communications

Survey Results (Excerpt)
Nearly 70% of information security product considerations start suddenly.
Adding up external factors such as internal incidents, accident reports, and legal developments accounted for nearly 70%. It shows a situation where companies were forced to suddenly start consideration due to "external factors and sudden events" rather than "pre-planned regular reviews."

Information security product consideration tends to be prolonged.
64.4% of the total took 6 months or more from consideration to deployment, making it clear once again that these are products prone to prolonged consideration periods.

Many companies narrow their selection candidates to 3, and considering 4 or more tends to prolong the process.
The number of compared services was concentrated at "2 companies" and "3 companies," with these two options accounting for 53.9% of the total.
Furthermore, looking by consideration period, cases that evaluated candidates among "2 companies" or "3 companies" often reached deployment in under 2 years, whereas evaluating 4 or more companies showed a tendency for the consideration period to prolong.

Proactive information gathering is conducted across various channels.
It was found that proactive information gathering occurs across various channels other than sales consultations, and multiple media are viewed during the prolonged consideration period.
The top sources are product websites, exhibitions, and seminars, showing a trend of valuing primary information.

Information gathering methods tend to differ by job title.
Looking at information gathering channels by job title, it was found that department head-class individuals are the most proactive in gathering information.
Also, looking at the responses by each job title, department heads