Written by Sameer Khakhar, Deputy CISO, Shriram Finance Limited
The cybersecurity market is undergoing a massive shift in how value is measured. The days of "buying for innovation's sake" are ending as the focus moves from experimental features to hard, measurable outcomes.
Here is the current landscape of enterprise security spending:
The "Death of the Experiment" Era
Budget growth has slowed from ~8% to 4–5%. About 55% of CISOs are operating under flat budgets while still being expected to manage AI risk, identity sprawl, and regulatory pressure. The money is there, but the tolerance for vague ROI is gone.
The Survival Tier List
CISOs are now categorizing vendors into three distinct buckets to manage tool sprawl:
* Mission Critical: Essential for core operations.
* Strategic Consolidation Candidates: Platforms that can replace multiple point solutions.
* Nice-to-Have Innovation: This category is currently getting crushed.
What’s Winning (and What’s Dying)
The market has shifted from experimentation to strict prioritization.
* What is getting funded: Identity security (ITDR), AI governance, cloud security consolidation, exposure management, data security, and platforms with broad workflow coverage.
* What is struggling: Narrow point solutions with unclear differentiation, "dashboard companies," and products that increase analyst workload instead of reducing it.
The Renewal Trap
Renewals are now harder than initial sales. CISOs are willing to pilot innovative vendors, but renewal scrutiny is brutal. If you cannot show deployment, workflow integration, and measurable risk reduction, you're out.
The future of cybersecurity spend belongs to solutions that prove:
* Reduced risk
* Better efficiency
* Stronger governance
* Clear ROI
* Faster operations
The market has moved from experimentation to prioritization.
My question to leaders and practitioners:
What matters most in your organization today — tool consolidation, measurable ROI, automation, or stronger security outcomes?