A Report by Conveyor

2024 State of Security Review

Table of Contents
Introduction
Executive summary
New era for the security role
Productivity is a top priority
Teams are craving better solutions
Chief Revenue Officer insight
Increase win rates with trust & security
AI as a competitive advantage
Appendix
Select A Section
Download The Report

Introduction

In March of 2024, Conveyor set out to uncover critical information about the security review process relating to B2B sales.

Here’s what we looked into: 

  • The changing nature of Information Security as a critical revenue player
  • Strengths and challenges of current processes
  • The gaps between InfoSec and Revenue teams (Pre-Sales, Sales) 
  • InfoSec leadership’s top strategic priorities in today’s uncertain economy 
  • Revenue preferences and perceptions of security review’s impact on deal cycles

We collected the data in this report using an online survey of 275+ InfoSec professionals, Pre-Sales Engineers, and Sales. Across leaders, management, and individual contributors. The appendix section at the end of this report breaks down the respondents’ demographics.

“So far, GenAI has delivered a lot of “wow” moments—but business leaders are ready to see results. 89% rank GenAI as a top-three tech priority for 2024. Winners are using it to invest in productivity and top line growth.”
- Boston Consulting Group

Executive Summary

For years, Information Security (InfoSec) teams had been largely separate from the Revenue function. Today, they are now a critical part of the selling process.

A transformation is underway.

Unfortunately though, investment, processes, and alignment have lagged. InfoSec and PreSales are still stuck in clunky portals, manually maintaining lengthy knowledge bases, and searching dozens of sources for the same answers - over and over. 

Teams struggle to meet new goals: like accelerating deals or positioning security as a competitive advantage. Especially with fewer resources and limited visibility into business impact they drive.

As budgets tighten and demands increase, choosing new tools is the only sustainable way to keep up with productivity needs. This report reveals key considerations to optimize efficient security review processes.

KEY TAKEAWAYS
A new era for InfoSec teams

Being part of the revenue process is no longer optional.

Teams are craving better solutions

InfoSec and PreSales teams are unhappy with results from the process and tech they use today - especially in terms of manual maintenance, repetitive tasks, and revenue insights.

Top priorities for security review leaders

Enhancing team productivity, insights, and analytics - specific to security review processes and how they relate to revenue.

Security review teams are turning to generative AI

Customer reviews are growing in complexity and volume. Teams are taking advantage of security-specific AI to speed up the deal cycle.

A new era for the security role

Being a part of the revenue process is no longer optional - new opportunities are emerging to better communicate the value and differentiation of security.

64%

of InfoSec respondents participated in a revenue or customer-facing activity over the last 12 months

Productivity is a top priority

We asked security review leaders to identify their top priorities in 2024. Their number one answer?

Productivity

Nearly 80% indicated that handling the increase in complexity and volume of reviews - tied to prospects or customers - is a major point of focus for their groups. 

It’s no surprise. Gartner’s Generative AI research recently found that 66% of IT and Infosec leaders expect GenAI to drive positive impact on the bottom-line financial performance.

Security review solutions should help InfoSec teams deflect customers to self-serve their questions. They should also recognize that not all customers get the same level of service. Meaning the dreaded questionnaire will never fully go away. 

Unfortunately, only 15% of individual contributors report being happy with their organization’s current process. Clearly there’s a disconnect between the expected and realized ROI for this tech. 

Hence why today’s leaders should audit their security review investments with strict scrutiny.

Top priorities for security review teams this year

1
Increase team productivity
2
Enhance security review analytics
3
Improve the customer experience
4
Improve review performance
78%

of leaders are focused on improving team productivity as a top priority

Teams are craving better solutions

End users and leaders across InfoSec and Revenue are largely aligned when it comes to satisfaction on current process:

  • They are challenged by inefficiencies
  • The end result is not driving security as a competitive edge 
  • Each review is not well-tailored to the customer at hand (some customers take up a disproportionate amount of time, others need white-glove service but don’t get it)

The core issue stems from the fact that InfoSec teams are not well resourced to handle increasing deal security loads. 

And current solutions add maintenance overhead with unwieldy knowledge bases and inaccurate answers. Another issue is siloed information sources: past questionnaires, help sites, policy docs are all in separate places with almost no consistency.

16%

of Revenue end users are satisfied with SLA turnaround times

13%

of InfoSec end users find their security review process efficient

InfoSec and Revenue are both unhappy with current security review processes

“On a scale of 1-10, how happy are you with your current security review process?”

Chief Revenue Officer

Financial Industry
1,000-5,000 Employees

"Complete eye-opening moment when we found out each Security partner is handling 100+ questionnaires per year.

We would so much rather automate that process and reuse the time to support our highest priority deals."

Increase win rates with trust & security

Buyer expectations are higher than ever. Forrester finds that 70%+ of the modern B2B buying journey is complete before ever talking to a sales team.

Clearly, customers and prospects crave transparency. Companies, though, are reluctant to give sensitive information away without first establishing trust. 

What’s new however is that winners are turning trust into a competitive and strategic advantage. 

The big shift comes from automating trust activities - like signing an NDA to access gated materials, watermarking documentation, or using CRM data to verify a contact. 

The impact is clear: pulling security review earlier in a deal reduces deal cycle times by 23% and boosts win rates by 42%. 

Gone are the days of using ARR thresholds as a solution for source constraints.

More companies are leaning into a fully transparent, but trustworthy, experience. The old hard-line approach of manually sending security information only based on each specific request that comes in falls flat with the new experiences consumers expect. 

Automation is now leading to happier customers and InfoSec/Pre-Sales teams working on the most valuable reviews.

Revenue teams experience:

3.1 Weeks
Average time spent on security review per deal
52%
Average time spent on security review per deal

By positioning trust and security earlier in the sale, teams experience:

23%

decrease in deal cycle time

42%

increase in win rate

AI as a competitive advantage

InfoSec and Revenue teams need more scalable, efficient, and effective ways to tackle security review. That’s how the next generation of AI tools will impact GTM workflows. 

Sellers are anxious to reap the benefits of these technologies, with 79% indicating they would like tools to personalize trust posture and security question and answering using generative AI.

A third (31%) of InfoSec teams have already started implementing AI in their GTM process, with another 24% planning to use it in the next 12 months. The biggest value driver for implementing new AI was increasing productivity. 

AI-backed technologies can not only decrease the time InfoSec spends responding to questionnaires, it also learns and auto-updates knowledge centers to reduce maintenance. AI can determine the best response, appropriate to each customer, with precision based on degree of trust afforded to that entity.

A best-in-class solution will understand, automate, and deliver personalized answers. This saves your InfoSec and Presales teams time so they can drive deal velocity, win more, and deliver an amazing customer experience. 

AI Will Transform Security Review Productivity

SUMMARY
A new era for InfoSec teams

For InfoSec teams, participating in revenue activities is no longer optional.

Positioning trust and security early increases win rates

Customers and prospects crave transparency. Companies need to lean into providing a personalized customer experience for trust and security early on in the sales process.

Because productivity is a top priority, teams are turning to gen AI solutions to embrace trust and security as a competitive advantage

Companies who are ahead of the game are embracing full transparency when it comes to sharing their security posture as a competitive advantage. A best-in-class AI solution will understand, automate, and deliver personalized answers at scale.

A new era of
security review

Conveyor helps InfoSec & Presales teams automate every part of the security review. See how.

Learn more about Conveyor

Appendix

Response Demographics