CISO's Cant Find The Right People

A recent study by the upscale human talent acquisition agency Stott and May, featuring a panel of 55 security leaders from around the globe, has found that access to cyber security skills remains the number one barrier to strategy execution. 39% of the sample stated that a lack of internal security skills was their number one challenge with budget (30%), board level buy-in (22%) and technology (9%) called out as other notable hurdles.
 
Other key findings in the report include:
 
  •  Most respondents (76%) believe there is a shortage of cyber security skills in their company, however, the problem still seems more potent for mid-market and large enterprise businesses.
  •  Organisations are still struggling to source cyber security talent (72%) with no material improvement around time-to-hire from 2019. 
  • The business perception of cyber security is moving away from unnecessary expense (15%) towards strategic priority (54%) in the wake of well publicised breaches resulting in fines and reputational damage.
  • Customers are becoming more educated and demanding around the issue of cyber security, driving most respondents (69%) to conclude that their business feels that functions can add value to their companies’ overall proposition. 
  •  As more business move towards the cloud 54% of cyber leaders believe we will see an increase in incidents. 
  •  30% of security leaders are also looking internally for transferable skills first before going to the open market.
CISO’s are being forced to become more creative about how they leverage their finite resources with 46% of the sample stating that they believed that AI and Machine Learning could offer part of the solution in terms of automating more workloads.
 
Jim Rutt, CISO at the medical research organisation, he Dana Foundation, one of the participants in the research stated; “the first thing that most CISO’s are going to gravitate towards is trying to leverage some form of artificial intelligence or automation. There’s upside here in terms of making teams work a lot smarter and reducing the volume of manual tasks.”
 
Rutt did, however, explain that CISO’s need to be more hands on if automation projects are to realise their intended benefits. “Often the challenge is the burden on building these initiatives falls on the SOC team rather than the architectural or leadership teams. These individuals are less likely to understand, from an enterprise perspective, what they should be automating and where the priorities sit.” 
 
He continued; “CISO’s need to be looking at solutions that reduce manual work, but they need to really have skin in the game from a technical and process perspective about what’s going on and what is going to be viable.”
 
The report also touches upon the key challenges that sit in front of CISO’s in 2020. Outside of getting a better handle on the recent influx of remote workers and the aforementioned need for more automation, key themes also included; improving maturity around risk measurement and metrics, insider threat, asset management and API security.
 
 
The Stott and May Cyber Security in Focus Survey examines the key issues that have made an impact on the market over the course of this year. Respondents were asked to share their views across a wide range of issues including, but not limited to, the skills shortage, the boardroom perception of cyber security, talent attraction and the challenges associated with securing business in the cloud. You can access the full report here.
 
You Might Also Read: 
 
How Can Boardrooms Effectively Manage Cyber Risk?:
 
 
 
 
« Beware The Latest Malware
Coronavirus Phishing Scams »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Information Risk Management (IRM)

Information Risk Management (IRM)

IRM is an international consultancy dedicated to helping organisations solve key business issues. We provide strategic cyber security advice across a wide range of sectors.

Nuix

Nuix

Nuix specialise in extracting knowledge from unstructured data. Applications include Digital Forensics, Cybersecurity Intelligence, Information Governance, eDiscovery.

TWNCERT

TWNCERT

TWNCERT is the National Computer Emergency Response Team of Taiwan.

DataVantage

DataVantage

DataVantage data masking and data management software helps you prevent data breaches, pass compliance audits and meet regulatory requirements such as HIPAA and PCI DSS.

World Wide Technology (WWT)

World Wide Technology (WWT)

WWT is a technology solution provider in the areas of big data, collaboration, computing and cloud, mobility, networking, security and storage.

FinlayJames

FinlayJames

FinlayJames supports cyber security companies to meet the increasing demand and pressure on them by finding top talent within the industry for their sales, marketing and technical teams.

IOTA Foundation

IOTA Foundation

The IOTA Foundation is a non-profit R&D organisation focused on developing the next generation of protocols for the connected world.

ISEC7 Group

ISEC7 Group

ISEC7 Group is a global provider of mobile business services and software solutions. The company was one of the first movers in mobilising company and business processes.

Tesorion

Tesorion

Tesorion is a fusion of different enterprises each with its own specialisation in the field of cybersecurity. We have combined these specialisations to create an integrated comprehensive solution.

Dell Technologies

Dell Technologies

Dell Technologies Consulting Services enables a highly resilient business amidst the proliferation of cloud-based IT services and constant threats to your most critical information.

Alibaba Cloud

Alibaba Cloud

Alibaba Cloud is committed to safeguarding the cloud security for every business by leveraging a comprehensive suite of enterprise security services and products on the platform.

NetTech

NetTech

NetTech’s Managed CyberSecurity and Compliance/HIPAA services are designed to help your company prevent security breaches and quickly remediate events if they do happen to occur.

Data Priva

Data Priva

Data Priva is the UK's leading subscription-based data protection, governance, risk and and compliance service.

Esprinet

Esprinet

The Esprinet Group is an enabler of the technology ecosystem: a team of people who promote access to technology through an extensive network of professional resellers.

Umbrella Cyber

Umbrella Cyber

Umbrella Cyber specialises in Cyber Essentials and Cyber Essentials Plus Certification and penetration testing.

Toro Solutions

Toro Solutions

Toro provide managed security & consultancy to keep governments, businesses & society resilient in the space where cyber, physical & people security converge.