ISG to Evaluate Cybersecurity Services, Solutions Providers

Information Services Group announced that it has launched a research study evaluating providers of cybersecurity services to help enterprises protect sensitive data across hybrid architectures and strengthen cyber resilience.

The study results will be published in a series of comprehensive ISG Provider Lens reports, called Cybersecurity — Services and Solutions, scheduled to be released in July 2026. The reports will cover companies offering strategic security services, technical security services, risk-based vulnerability management, cybersecurity-related software platforms and other security-related solutions and services.

Enterprise buyers will be able to use information from the reports to evaluate their current vendor relationships, potential new engagements and available offerings, while ISG advisors use the information to recommend providers to the firm’s buy-side clients.

Enterprises in all industries are facing increasing pressure to secure complex, distributed IT architectures and respond to AI-enabled attacks. Simultaneously, regulators and corporate boards are demanding demonstrable cyber resilience and effective control of data. These dynamics are driving the adoption of strategic cybersecurity services that align with governance, risk and architectural priorities. Collectively, these trends are shaping security programs that have become integral to digital transformation agendas.

“The cybersecurity market is reorganizing itself into clearly defined capability domains,” said Heiko Henkes, managing director, ISG Provider Lens Research. “As regulatory demands expand, enterprises are seeking providers that can deliver cyber resilience through strategy, technical execution and intelligence-driven operations.”

ISG has distributed surveys to more than 350 cybersecurity providers. Working in collaboration with ISG’s global advisors, the research team will produce seven quadrants representing the cybersecurity services and solutions the typical enterprise is buying, based on ISG’s experience working with its clients. The seven quadrants are:

• Strategic Security Services (SSS), evaluating providers that deliver consulting-led cybersecurity services focused on strategy, governance, risk management and organizational transformation. These providers assess security maturity, quantify risks, define target operating models and develop cybersecurity strategies.
• Technical Security Services (TSS), assessing providers that design, integrate, implement and modernize IT and OT security technologies in multi-vendor environments. These providers should maintain strong partnerships with security vendors and hold specialized certifications.
• Next-gen SOC/MDR Services, covering providers of security operations centers that deliver continuous threat monitoring, detection and response. These providers also offer service models co-managed with enterprise teams.
• Risk-based Vulnerability Management, evaluating providers that deliver continuous vulnerability assessment and prioritization based on exploitability, exposure and business impact. They are assessed on their ability to help enterprises address rapidly evolving attack techniques through contextual risk analysis and ongoing reassessment.
• Post-quantum Encryption Consulting, assessing consulting-led providers that help enterprises prepare for the transition required to mitigate the risks associated with quantum computing. These providers examine cryptographic dependencies across the IT, OT, IoT and digital supply chain environments.
• Data Leakage/Loss Prevention (DLP) and Data Security, covering independent software vendors (ISVs) that develop proprietary solutions to discover, classify and protect sensitive data across endpoints. These ISVs are assessed on their ability to provide centralized governance, reporting and compliance support.
• Extended Detection and Response (XDR), evaluating ISVs that develop proprietary XDR platforms integrating telemetry, analytics and response capabilities. They demonstrate the ability to detect and block sophisticated threats and offer automated or semi-automated response actions.

Geographically focused reports from the study will cover the global cybersecurity market and examine products and services available in the U.S., the U.K., Australia, Brazil, France, Germany, Switzerland and the U.S. public sector. ISG analysts Frank Heuer (Germany and Switzerland), Bhuvaneshwari Mohan (U.K. and U.S. public sector), Yash Jethani (U.S.), Benoit Scheuber (France), Andrew Milroy (Australia) and João Mauro (Brazil) will serve as authors of the reports.

All 2026 ISG Provider Lens® evaluations feature expanded customer experience (CX) data that measures actual enterprise experience with specific provider services and solutions, based on ISG’s continuous CX research.

Source: Information Services Group media announcement