Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

95% do not have full trust in cybersecurity vendors

April 2026 Information Security, Security Services & Risk Management

Sophos has released findings from a global, vendor-agnostic study (based on responses from 5000 organisations across 17 countries), examining one of cybersecurity’s most urgent and overlooked necessities: trust.

The Cybersecurity Trust Reality 2026 report is one of the most comprehensive studies of trust in cybersecurity and its impact on operational risk and board-level decision-making. It reveals a critical challenge facing CISOs: trust in cybersecurity vendors is fragile, difficult to measure, and increasingly shaping risk posture at both operational and board levels.

At a time of relentless cyberthreats, heightened regulatory scrutiny, and accelerating AI adoption, trust has become a defining factor in cybersecurity decision-making. Yet new research reveals that nearly all organisations report a lack of full confidence in their cybersecurity vendors, and many struggle to assess vendors' trustworthiness in the first place.

The independent study found that:

● 95% of respondents said they do not fully trust their cybersecurity vendors.

● 79% struggle to assess the trustworthiness of new cybersecurity partners, and over six in ten (62%) even find it challenging for their existing vendors.

● More than half (51%) report increased anxiety about the likelihood of a significant cyber incident as a direct result of a lack of trust.

These findings underscore a critical reality: cybersecurity effectiveness cannot be measured by technological performance alone, but also by the confidence that organisations have in the partners defending their business. For CISOs, trust gaps create operational friction, slower decision-making, and higher vendor turnover. Trusted cybersecurity partners reduce risk and build more resilient organisations.

“Trust is not an abstract concept in cybersecurity; it is a measurable risk factor,” said Ross McKerchar, CISO at Sophos. “When organisations cannot independently verify a vendor’s security maturity, transparency, and incident handling practices, that uncertainty flows directly into boardrooms and security strategies.”

The survey identifies verifiable security artefacts, including independent assessments, certifications, and demonstrated operational maturity, as the single greatest driver of vendor trust. CISOs prioritise transparency during incidents and consistent technical performance, while boards and senior leadership place greater weight on independent validation, certifications, and analyst performance.

The common thread is clear. Organisations want transparency backed by evidence, not blanket assurances.

“With regulatory pressure increasing globally, organisations must be able to demonstrate due diligence in vendor selection, especially where AI is involved,” said Phil Harris, research director, Governance, Risk and Compliance Solutions at IDC. “Trust is shifting from a marketing message to a defensible compliance requirement.”

As artificial intelligence becomes embedded in cybersecurity tools, services, and workflows, organisations are not only evaluating whether security solutions are effective, but whether AI is deployed responsibly, transparently, and with appropriate governance. Trust is no longer optional. It is foundational.

“CISOs are being asked to prove trust, not assume it,” added McKerchar. “Cybersecurity providers must do the same. Respondents to the survey cited a lack of accessible, sufficiently detailed information as the primary barrier to making confident assessments of trust. Trust must be earned continuously through transparency, accountability, and independent validation.”

These findings elevate trust from a brand attribute to a strategic imperative.

At Sophos, building and maintaining that trust is foundational. Through the company’s Trust Centre, Sophos aims to help security leaders make faster, more defensible decisions in an increasingly hostile threat landscape.

Visit the Sophos Trust Centre: https://www.sophos.com/en-us/trust

Read the full research report: https://www.sophos.com/en-us/content/cybersecurity-vendor-trust-survey-2026




Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

Claude Mythos wake-up call
Technews Publishing AI & Data Analytics Information Security
AI has crossed a critical cybersecurity threshold and frontier models are accelerating attack lifecycles and will enable attackers to identify and exploit vulnerabilities at scale and speed, through novel methods that were previously the domain of advanced nation-state entities.

Read more...
If you cannot prove identity, you cannot claim security
Access Control & Identity Management Information Security
Cybersecurity planning for 2026 is a structural change in how attacks are executed and how trust is exploited, demanding that companies stop layering tools on top of infrastructure and instead prioritise intelligence and identity.

Read more...
957 women killed in three months
News & Events Security Services & Risk Management
Despite years of summits, task teams and public commitments, South Africa’s femicide rate remains around five times higher than the global average, and too few are using the legal lifelines available.

Read more...
Africa’s opportunity to shape the future of human-centred AI
AI & Data Analytics Security Services & Risk Management
Across the Global South, countries are not yet locked into decades of legacy AI systems, energy-intensive infrastructure, or governance frameworks designed for a different technological era. That creates something rare in technology development: a cleaner slate.

Read more...
AURA appoints Taryn Winer as global head of people
News & Events Security Services & Risk Management
Following its €13,5 million Series B funding round last year and accelerating international expansion, particularly across the United States, AURA has appointed Taryn Winer as global head of people.

Read more...
Understanding the Shared Responsibility Model
Infrastructure Security Services & Risk Management
While the cloud can certainly be a growth enabler in many ways, it can also introduce new security risks. Companies want to have a clear understanding of where their security duties end and where their cloud service provider’s begin.

Read more...
Africa’s largest Zero Trust platform
NEC XON Information Security Commercial (Industry)
Africa has reached a significant cybersecurity milestone with the successful deployment of the continent’s largest Palo Alto Networks Prisma Access and Prisma Access Browser Zero Trust environment, supporting secure remote access for more than 40 000 users for a large enterprise in Africa.

Read more...
Supply chain attacks top threat over 12 months
Information Security
Supply chain attacks have become the most prevalent cyberthreat confronting businesses over the past year, according to a new Kaspersky global study, with nearly one-third of companies worldwide experiencing a supply chain threat in the past year.

Read more...
From vibe hacking to flat-pack malware
Information Security AI & Data Analytics
HP issued its latest Threat Insights Report, with strong indications that attackers are using AI to scale and accelerate campaigns, and that many are prioritising cost, effort, and efficiency over quality.

Read more...
NEC XON secures mobile provider’s hybrid identities
NEC XON Access Control & Identity Management Information Security Commercial (Industry)
For a leading South African telecommunications operator, identity protection has become a strategic priority as identity-centric attacks proliferate across the industry. The company faced mounting pressure to secure both human and non-human identities across complex hybrid environments.

Read more...











SMART Security Business Directory


While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.

Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.