IBM and Palo Alto Networks Warn of Rising Security Costs

The proliferation of cybersecurity tools has created an operational crisis for enterprises, with companies struggling to manage an expanding array of defensive technologies. As cyber attacks increase in frequency and sophistication, organisations are being forced to deploy multiple security solutions across cloud, network and endpoint environments.

This fragmentation of security infrastructure has led to increased costs and reduced effectiveness, according to new research from global technology provider IBM and network security firm Palo Alto Networks. According to the study, organisations are facing mounting costs from fragmented security systems, with complexity reducing operational effectiveness by 5% of annual revenue.

The findings emerge as enterprises grapple with securing hybrid work environments and cloud migrations, while defending against ransomware and state-sponsored threats. Security teams now manage applications across multiple clouds, remote workforces and traditional on-premises infrastructure, creating gaps in visibility and control.

The study by IBM’s Institute for Business Value reveals organisations typically manage 83 different security products from 29 vendors, creating operational inefficiencies that hamper threat response capabilities.

IBM and Palo Alto Networks study shows impact of security fragmentation

For a company with US$20bn in annual revenue, the companies’ report that security fragmentation costs approximately US$1bn through reduced productivity, delayed digital transformation, and reputational damage, according to the research conducted across 21 industries.

Mark Hughes, Global Managing Partner for Cybersecurity Services at IBM, says: “Organisations continue to be challenged with updating their security posture to address new threats, while simultaneously being pressed to reduce complexity and decrease spend.”

The research indicates 52% of security executives identify solution complexity as their primary operational challenge, with 80% reporting pressure to reduce security costs while improving defensive capabilities. Three quarters of respondents state that improved security integration is essential for digital transformation and governance.

Platformisation approach demonstrates measurable benefits

Organisations that have consolidated their security tools into unified platforms report significantly improved threat detection speeds. The mean time to detect security incidents decreased by 72 days, while containment time reduced by 84 days compared to organisations using fragmented solutions.

The study reveals that seven out of 10 companies implementing a platformisation strategy achieve improved cybersecurity outcomes and operational efficiencies. In contrast, 80% of organisations without platform-based security report difficulties managing the volume of threats and attacks.

Karim Temsamani, President of Next Generation Security at Palo Alto Networks, says: “We have seen the positive impacts of adopting a platformised approach to security, and the benefits of what it delivers to organisations. In today’s AI-fueled world, strong partnerships are more essential than ever.”

AI integration drives security platform evolution

The move toward integrated platforms comes as artificial intelligence reshapes the security landscape. The study reveals 90% of executives plan to implement, optimise or innovate with AI security tools within two years.

Organisations using platform-based security report up to four times better return on investment from their cybersecurity spending. The research indicates these improvements stem from enhanced data analysis capabilities and streamlined operational processes.

The increasing interconnectedness of systems has expanded attack surfaces and created vulnerabilities. The study notes that both defenders and attackers now use AI technologies, creating competition in cybersecurity capabilities.

IBM and Palo Alto Networks partnership addresses integration challenge

The two firms have established a joint Cyber Range facility in Cambridge, Massachusetts, where organisations can test their security responses and train staff on consolidated security platforms. The facility supports continuous improvement and change management as companies transform their security operating models.