IT & Security — March 2026

The Storyteller Problem

Your security team doesn't want your pity anymore. They want your stage.

In February, we talked to 15 CISOs and CIOs—not the polished conference versions, but the ones in the thick of it, managing ransomware attacks, board pressure, and the slow erosion of budget credibility. Here's what jumped out: these leaders aren't asking for sympathy. They're asking for help telling a story that actually resonates with the C-suite and the business.

The shift is seismic. For years, security was the department that said "no." Now, the best security leaders are learning to say "yes—if." They're becoming business enablers. They're learning to frame cyber investment not as cost-avoidance, but as revenue protection and operational velocity. And those who can't make that transition? They're being shown the door.

This is your moment to understand what's actually happening in security leadership—because if you're a CMO trying to build trust with IT buyers, you need to know that the person across the table isn't thinking about compliance frameworks. They're thinking about how to keep the lights on, support growth, and survive the next board meeting.

The CMO takeaway: Security leaders have stopped waiting for you to understand them. They're learning to communicate in business terms. Your job is to meet them there—not with more security messaging, but with platforms that make their job easier and their story more credible.

Go deeper: Explore the full IT & Security Intelligence Profile for real-time buyer signals, language patterns, and competitive positioning data.

The Language Shift: From "No" to "Enable"

The data confirms it: Narrative scores jumped +0.40 (from a 3.60 baseline to 4.00). This is the biggest single-month increase we've tracked in security leadership sentiment. Meanwhile, Technology jumped +0.62—meaning they're not just talking differently, they're buying differently too.

Translation: CISOs are learning how to sell. They're becoming internal marketers. And the security solutions that win are the ones that make this easier—that make it possible for a CISO to walk into the boardroom and say "we're protecting growth at scale" instead of "here's why we need more budget."

The CMO takeaway: The security leader's biggest competitive advantage is no longer technical depth—it's narrative credibility. Help them build it. Platforms and solutions that come with built-in business storytelling templates, executive dashboards, and culture-friendly messaging will win. The ones that require security to "translate" for the business will lose.

The Buying Triggers (And Why They're Getting Darker)

Our baseline tells us that security teams make decisions when:

• A board member asks a question they can't answer
• A massive YoY budget increase fails to show results
• A breach forces the conversation after the fact
• Security becomes visible friction slowing down a business initiative

But here's the darker pattern: The most powerful buying trigger is now visible organizational trauma.

When a CISO realizes their tenure is shorter than the CFO's. When they see headlines about "mass CISO exodus." When they understand that saying "no" too many times means getting replaced by someone more "collaborative." That's when spending becomes urgent.

The secondary triggers haven't moved much:

• Board curiosity about cyber topics (especially material weaknesses)
• Growth initiatives revealing security gaps
• Post-breach budget materialization

But the energy has shifted. We're not seeing the careful, measured security budgeting of 2024. We're seeing panic-buying mixed with thoughtful investment. Organizations are simultaneously overspending on point solutions and underinvesting in foundational security because they're confused about what actually matters.

The CMO takeaway: If you're selling into security right now, understand that you're selling into fear + aspiration simultaneously. CISOs want to be heroes, not pariahs. They want to enable the business, not block it. If your pitch assumes adversarial thinking, you've already lost. The winning pitch is "this makes you look good in the boardroom."

Deal-Killers: The Red Flags That Disqualify Solutions

Security leaders are evaluating you. And they've gotten very good at spotting the vendors who don't understand their world:

1. Blanket messaging that ignores context: One-size-fits-all security communication doesn't work. A healthcare organization's narrative is different from a food & hospitality company's. The vendor who sees this gets the deal.

2. Technology that doesn't scale with organizational chaos: Daily cyber attack volume is paralyzing. Solutions that require manual workflows or don't integrate with detection layers (MFA, patching, identity, EDR) fail immediately.

3. Foundational security treated as secondary: Patching. It's boring. It's foundational. It's also where most breaches start. Vendors who minimize foundational work in favor of shiny AI solutions lose credibility fast.

4. Treating CISOs as technical buyers instead of business advocates: The CISO needs to sell your solution internally. If it doesn't give them narrative ammunition, it doesn't get bought.

5. Security as obstacle instead of enabler: If your pitch frames security as a necessary evil, you're already dead. Modern security leaders want to hear how you make the safe thing easy.

6. Relationship neglect: CISOs are people. They're exhausted. They're being blamed for things outside their control. Vendors who treat them like transaction partners instead of professional colleagues fail.

7. Asking for money in unusual ways: Phishing is rampant. So are social engineering attacks targeting procurement. Email security is paranoia, and it's warranted.

The CMO takeaway: If you're building security solutions, audit your sales messaging. Does it sound like it was written for a CISO, or for a security team? Does it make the sale easier, or harder? Can a CISO use your messaging directly with their board, or do they have to translate it? The ones that require translation won't get built into the budget.

Evaluation Criteria: What Actually Matters Now

This is where the data gets interesting. When we asked CISOs and CIOs what they're actually evaluating, we got two distinct categories:

What They're Evaluating in Tools:

• Optimal service for most value: This is the economic test. Can this solution do what we need at the cost we can justify?
• Security driven by culture, informed by risk, delivered by technology: This is the framework test. Does it align with how we think about security?
• Making the safe thing easy: Does this reduce friction or increase it?
• Foundational security: Can it handle patching, identity, basic hygiene at scale?
• Massive volume handling via automation/AI: Will it scale with our attack surface?
• Integration across detection layers: Does it work with what we already have, or does it create sprawl?

What They're Evaluating in People (Vendors):

• Top performers who ask smart questions: They want partners, not order-takers.
• The "thank you" metric: Do your employees appreciate the guidance you give them, or do they resent it?
• Researchers with real threat intelligence: Can you understand what's actually happening in the threat landscape, or are you selling yesterday's fears?
• Continuous learning orientation: Are you learning from your customers, or lecturing them?
• Paranoia as a virtue: Do you think like an attacker?

This is crucial: CISOs are now evaluating vendor teams, not just vendor software. The vendor who sends a paranoid, skeptical researcher to the relationship wins. The one who sends a salesperson with slides loses.

The CMO takeaway: Your security sales team needs to be staffed with people who've actually done the work. They need to ask harder questions than the client does. They need to challenge assumptions. This is the only way to build trust with a CISO who's been burned by vendors before.

The Buyer Mix: Who's Getting Louder

Our February cohort included:

• Cybersecurity specialists (4): Deep technical knowledge, high risk tolerance, fast decision-making
• Health Systems (4): Heavily regulated, compliance-driven, but increasingly focused on operational resilience
• Health Tech (1): Emerging risk profile, rapid growth mentality
• Financial/Professional Services (Food, Energy, Media, Legal, Travel): Mixed maturity, mixed pressure levels

The pattern: Regulated industries are moving faster than unregulated ones. Healthcare organizations are making bigger budget moves. Energy and financial services are close behind. But the real action is in hybrid organizations—the ones balancing growth ambition with regulatory pressure.

Cybersecurity-focused companies are the fastest movers (they have to be), but they're also the most cynical buyers. They know every trick. They want substance.

The CMO takeaway: Don't assume all IT buyers are the same. A CISO in healthcare is under different pressure than one in media. A CIO in energy is solving different problems than one in legal services. Segment your messaging. The vendor who sounds like they understand healthcare security regulations is the one who'll win in healthcare.

Structural Split: CISO vs. CIO

We separated our data by role because the differences matter:

CISOs (9 conversations):

• Focused on risk management and narrative credibility
• Deeply concerned about board perception and organizational respect
• Primary pain: being seen as obstacles instead of enablers
• Primary goal: explaining security value in business terms

CIOs (6 conversations):

• Focused on operational efficiency and technology integration
• Concerned about sprawl, legacy system management, and cost control
• Primary pain: security requirements conflicting with performance/usability
• Primary goal: building secure infrastructure that doesn't slow down business

This matters for your messaging. A CISO wants to hear "this makes you look like a hero." A CIO wants to hear "this reduces your ticket volume and doesn't break your stack." Same buyer function, different incentive structures.

The CMO takeaway: Don't write one security message for both roles. CISOs and CIOs are fighting the same battles from different angles. Your sales team needs to know the difference.

The Stable Metrics: What Hasn't Changed

Some numbers stayed flat:

• Operations: 3.40 (slight -0.03 dip): Day-to-day execution pressure remains constant
• Risk: 3.47 (slight +0.13 move): Risk awareness is persistent, not spiking

This tells us something important: The fundamentals are stable. CISOs and CIOs still care deeply about operational excellence and risk management. They're not abandoning the basics. They're just learning to frame them better and invest in technology to automate them.

The CMO takeaway: Solve boring problems really, really well. Patching. Identity management. Incident response. The vendors who make these unglamorous functions bulletproof will win the market, even if they never make it to the headlines.

March Playbook: What Security Leaders Are Planning

Based on our conversations, here's what's coming:

1. Board season intensifies: Expect questions about cyber spending effectiveness and material weaknesses. Security leaders are preparing narratives now.

2. Budget finalization: Q2 budgets are being locked in. The CISOs and CIOs who can tell a compelling story are seeing bigger allocations. The ones still saying "no" are seeing cuts.

3. Culture initiatives accelerate: Organizations are investing in security awareness and cultural change. They're moving past compliance training to engagement-based models.

4. Vendor consolidation conversations: Many organizations are tired of point solutions. They're asking about platform approaches and integration. The vendor who can reduce sprawl while increasing effectiveness wins.

5. Threat response pressure mounts: As attacks get more sophisticated, the gap between foundational security and advanced response widens. Organizations are scrambling to close it.

6. Talent challenges become visible: CISO exodus is real. Organizations are competing for leadership talent. Vendors who can help CISOs look good (and stay sane) have a competitive advantage.

The CMO takeaway: This is the season when security narratives get tested against business reality. If your vendor story doesn't hold up under board scrutiny, it won't get funded. Test your messaging against the hardest questions a CISO might face.

What to Watch: The Emerging Patterns

1. Technology adoption is accelerating, but integration is lagging: CISOs are buying AI tools, automation platforms, and advanced analytics. But they're not connecting them well. The vendor who makes integration easy wins.

2. Culture is the new battleground: Organizations that view security as a culture problem (not just a technology problem) are making faster progress. The vendors who help shape that culture have an edge.

3. Narrative credibility is a product differentiator: The ability to make a CISO look smart in the boardroom is now a core feature request. It's not the side benefit anymore—it's the main reason.

4. Foundational security is becoming premium: Boring security (patching, identity, MFA) is moving from commodity to premium because organizations are finally realizing it's where the risk actually lives.

5. The tenure gap is unsustainable: CISOs are burning out faster than CFOs. Organizations that want to retain security leadership need to help them win internally. Vendors who support that transition have an ally.

The CMO takeaway: If you're selling into security, you're not selling a tool—you're selling career insurance. Help the CISO keep their job. Help them tell a story that resonates. Help them look good in the boardroom. Everything else is secondary.

Data source: 15 security leadership conversations conducted February 2026, with baseline comparison to 35 historical conversations. Roles: CISO (9), CIO (6). Industries represented: Cybersecurity, Health Systems, Health Tech, Food & Hospitality, Energy, Media & Entertainment, Legal Services, Travel. Sentiment analysis across 8 factors tracked against monthly baseline. Language patterns identified through conversation coding and emerging vocabulary tracking.