Key point: Only 5 percent of surveyed organizations fully trust their cybersecurity providers; many cannot systematically assess trustworthiness.
A Sophos survey of 5,000 IT and security decision-makers across 17 countries documents significant trust deficits toward cybersecurity providers. Only 5 percent of enterprises fully trust their suppliers.
The study conducted by Sophos gathered responses from 5,000 IT and security decision-makers in 17 countries and documents a systemic trust problem in the cybersecurity industry. With only 5 percent expressing complete trust, an overwhelming majority shows skepticism toward their current and potential security providers.
This makes procurement markedly harder for CISOs. Organizations must build their security architecture on suppliers they trust only marginally, which raises the bar for audits, compliance evidence, and continuous monitoring of supplier behavior and performance—a demanding administrative overhead that also complicates risk assessment.
Another problem is that many organizations have not developed clear criteria for assessing trustworthiness, which makes it difficult to decide transparently which providers may be integrated into critical infrastructure or data repositories. In the context of increasing regulatory requirements—such as the NIS2 Directive—this becomes a conceptual risk, since supplier assessment is a core component of the obligation to provide evidence to supervisory authorities.
Source: itwelt.at · Published June 3, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrase and classification by Lumi News Pipeline v1.2.9.