The manager of Schlumberger's enterprise services security listed three reasons:
- There was a recent security incident
- There is a new regulation or policy in place
- The organization failed an audit recently
I'd add a fourth one, which is that everyone else is doing it. These days, people purchase firewalls, spam filters, and anti-virus software almost as a matter of fact.