The cybersecurity vendor marketplace is growing so crowded that some companies have been resorting to extreme tactics to get security executives on the phone to pitch their products, including lying about security emergencies and threatening to expose insignificant breaches to the media.
The aggressive tactics come as the cybersecurity market expands dramatically, with a "long tail" of thousands of vendors with niche specialties. These sales tactics can make it harder for overworked cybersecurity execs to find and stop real threats. It can also result in overhyped publicity about breaches and hacks that are actually minor, which confuses customers and consumers.
CNBC spoke with four top cybersecurity executives at Fortune 500 finance, health care and payments firms about unsavory practices from vendors. These executives all said they have been pressured by vendors and researchers who claimed — rightly or not — to have found a cybersecurity problem at their company. Some hinted at the possibility of negative news coverage if the executive did not listen to the vendor's full pitch.
Complicating the picture, many ethical hackers use their contacts with the company to report legitimate problems. One executive complained the noise makes it difficult to pinpoint the legitimate reports of infrastructure flaws that need to be fixed.