CISO's Cant Find The Right People

A recent study by the upscale human talent acquisition agency Stott and May, featuring a panel of 55 security leaders from around the globe, has found that access to cyber security skills remains the number one barrier to strategy execution. 39% of the sample stated that a lack of internal security skills was their number one challenge with budget (30%), board level buy-in (22%) and technology (9%) called out as other notable hurdles.
 
Other key findings in the report include:
 
  •  Most respondents (76%) believe there is a shortage of cyber security skills in their company, however, the problem still seems more potent for mid-market and large enterprise businesses.
  •  Organisations are still struggling to source cyber security talent (72%) with no material improvement around time-to-hire from 2019. 
  • The business perception of cyber security is moving away from unnecessary expense (15%) towards strategic priority (54%) in the wake of well publicised breaches resulting in fines and reputational damage.
  • Customers are becoming more educated and demanding around the issue of cyber security, driving most respondents (69%) to conclude that their business feels that functions can add value to their companies’ overall proposition. 
  •  As more business move towards the cloud 54% of cyber leaders believe we will see an increase in incidents. 
  •  30% of security leaders are also looking internally for transferable skills first before going to the open market.
CISO’s are being forced to become more creative about how they leverage their finite resources with 46% of the sample stating that they believed that AI and Machine Learning could offer part of the solution in terms of automating more workloads.
 
Jim Rutt, CISO at the medical research organisation, he Dana Foundation, one of the participants in the research stated; “the first thing that most CISO’s are going to gravitate towards is trying to leverage some form of artificial intelligence or automation. There’s upside here in terms of making teams work a lot smarter and reducing the volume of manual tasks.”
 
Rutt did, however, explain that CISO’s need to be more hands on if automation projects are to realise their intended benefits. “Often the challenge is the burden on building these initiatives falls on the SOC team rather than the architectural or leadership teams. These individuals are less likely to understand, from an enterprise perspective, what they should be automating and where the priorities sit.” 
 
He continued; “CISO’s need to be looking at solutions that reduce manual work, but they need to really have skin in the game from a technical and process perspective about what’s going on and what is going to be viable.”
 
The report also touches upon the key challenges that sit in front of CISO’s in 2020. Outside of getting a better handle on the recent influx of remote workers and the aforementioned need for more automation, key themes also included; improving maturity around risk measurement and metrics, insider threat, asset management and API security.
 
 
The Stott and May Cyber Security in Focus Survey examines the key issues that have made an impact on the market over the course of this year. Respondents were asked to share their views across a wide range of issues including, but not limited to, the skills shortage, the boardroom perception of cyber security, talent attraction and the challenges associated with securing business in the cloud. You can access the full report here.
 
You Might Also Read: 
 
How Can Boardrooms Effectively Manage Cyber Risk?:
 
 
 
 
« Beware The Latest Malware
Coronavirus Phishing Scams »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

InformationWeek

InformationWeek

InformationWeek is the world's most trusted online community for business technology professionals like you.

Cyber adAPT

Cyber adAPT

Cyber adAPT offers a leading network threat detection platform (NTD) to the enterprise and ODM/OEM markets.

Applause

Applause

Applause provides real-world software testing for functionality, usability, accessibility, load, localization and security.

Communications Security Establishment (CSE)

Communications Security Establishment (CSE)

CSE is Canada's national cryptologic agency, providing the Government of Canada with IT Security and foreign signals intelligence (SIGINT) services.

HelseCERT

HelseCERT

HelseCERT is the health and care sector's national information security center for Norway.

MAD Security

MAD Security

MAD Security is a premier provider of information and cybersecurity solutions that combine technology, managed security services, support and training.

RedShield Security

RedShield Security

RedShield is the world's first web application shielding-with-a-service company.

DigitalXRaid

DigitalXRaid

DigitalXRAID is driven and motivated to ensure the bad guys don’t win. We’re dedicated to providing our clients with state-of-the-art cyber security solutions.

Tech Nation

Tech Nation

Tech Nation is the UK’s first national scaleup programme for the cyber security sector, aimed at ambitious tech companies ready for growth, at home and abroad.

BwCIRT

BwCIRT

BwCIRT is the Computer Incident Response Team (CIRT) for Botswana and provides an official point of contact for dealing with computer security incidents.

Meriplex

Meriplex

Meriplex is a Managed Services provider specializing in Intelligent Networks, Cybersecurity and Cloud Communications.

Haven Group

Haven Group

Haven Group and its companies are a cyber security one-stop-shop for our clients offering a full range of cyber security services to our clients in a unified and united way.

Blaick Technologies

Blaick Technologies

Blaick is an Israeli cyber-security company which deploys proprietary Artificial Intelligence threats detection technology for early prevention of online cyber crime.

Tromzo

Tromzo

Tromzo's mission is to eliminate the friction between developers and security so you can scale your application security program.

Red Access

Red Access

Red Access provides the first SaaS-based platform to protect web browsing from cyber threats on any browser and any in-app while ensuring frictionless user experience.

Longbow Security

Longbow Security

Longbow automates root cause for your application and cloud risks, enabling teams with intelligent remediation actions that reduce the most risk with the least effort.