Kaspersky finds shift to security vendor consolidation

New research shows that most organisations still depend on several cybersecurity vendors even though this setup adds cost and makes day-to-day work harder. The study, titled Improving resilience: cybersecurity through system immunity, was conducted by Kaspersky and looks at how companies run security today, where the pain points are, and how they plan to change their approach. It covers organisations in Russia, selected European countries, Latin America, the Asia-Pacific region, and the Middle East, Turkey and Africa region. The results describe a common pattern: fragmented tools, higher operating effort, and rising interest in consolidation.

According to the report, 72% of organisations use a multi-vendor environment. In practice this means teams maintain different products with different consoles, rules and update cycles. The study finds that 43% of security professionals consider their stacks too complex and too time-consuming to keep running well. This burden shows up in daily administration and during incidents, when switching across tools can slow response and dilute focus.

Money is another pressure point. The report says 42% of organisations exceed their budgets because of overlapping solutions. Duplicate capabilities lead to extra licence fees and support costs. These overlaps also make planning less precise because teams find it harder to decide which product to keep and which to retire. When budgets are tight, waste in one area reduces room to invest in skills or controls that might better match current risks.

Integration gaps limit automation. The survey reports that 41% of respondents cannot automate important security tasks because their tools do not integrate well enough. Without smooth data exchange and shared workflows, staff must step in to bridge the gaps. Manual steps increase the chance of mistakes and tie up experienced analysts with repetitive work. In fast-moving incidents, these delays can increase exposure and lengthen recovery time.

Visibility is uneven in fragmented setups. The research notes that 39% of organisations struggle to maintain a consistent view of threats because telemetry from different products does not correlate cleanly. When data does not line up, analysts face blind spots and duplicated alerts. This weakens situational awareness and can prolong investigations as teams piece together events from partial or conflicting signals.

Despite these drawbacks, the multi-vendor model remains common. The report records that many respondents believe one provider could meet all their needs, yet only 28% have actually moved to a single-vendor approach. This gap suggests ongoing caution about relying on one supplier and concern about lock-in. It also reflects history. Over time, many companies added point tools to meet audits, close gaps, or handle new platforms. The result is a layered stack that is hard to unwind quickly without a clear plan.

The direction of travel is changing. The study finds that 86% of firms are moving toward consolidation. About one third, 33%, have already started to merge security tools into unified platforms. A further 53% plan to take this step within the next two years. The main goals are simpler operations, better integration, and more automation, with the expectation of faster response and lower overlap. Fewer consoles and tighter native links are seen as ways to reduce manual work and improve the quality of detection and investigation.

The report presents a consistent picture across regions. Organisations continue to balance the perceived coverage benefits of multiple vendors against the cost and complexity of running them. The data points to a growing view that tool sprawl has hidden costs in time, money and risk. Consolidation is being used to standardise processes, streamline case handling, and improve the ability to correlate data across endpoints, networks and cloud services. If managed well, this shift could reduce the number of handoffs in an incident and shorten the time from detection to response.