Chief information security officers (CISOs) fight a never-ending battle to keep their teams' abilities from falling behind, stay ahead of threats, and manage tight budgets in the ever-changing field of cybersecurity. The most recent results of the Cyber Security in Focus study, carried out by technology recruitment experts Stott and May, highlight the critical difficulties that security professionals confront: an alarming 66% of them find it difficult to locate suitable candidates for their companies.
The Shifting Landscape: Budget Takes Centre Stage
For CISOs, internal skills have always been the focus, but this is starting to change. The study indicates a 16% increase over the past year in the proportion of CISOs citing budgetary restrictions as their biggest obstacle. This major change highlights the increasing demand for security officials to achieve more with constrained budgets.
According to the 2023 poll, which collected opinions from a wide range of 60 CISOs and security executives in North America and EMEA, 51% of participants cited financial limitations as the biggest obstacle to putting their cybersecurity plans into action. This information signals a paradigm change in the difficulties encountered by security executives since it is the first time that financial limitations have overtaken internal capabilities as the main barrier to plan execution.
Talent Sourcing Woes: A Persistent Predicament
A significant portion of security leaders — 34% — still view the skills gap as a major concern, despite budgetary limitations taking centre stage. The most startling finding, though, is that 66% of respondents are finding it difficult to get the proper skills for their cybersecurity projects. The effects of this talent shortage are clear: even after an extra eight weeks, 69% of security openings are still vacant.
According to the survey, there is a worrying trend of increasing wage expectations in the cybersecurity sector. Specifically, 47% of CISOs acknowledge that their salaries have increased by more than 11% annually. A further third reports salary inflation of between 6 and 10%, which reflects the growing rivalry across cybersecurity talent pools for competent individuals.
Strategic Investments and Business Alignment
Strategic investments in cybersecurity are nevertheless made, notwithstanding the difficulties in acquiring employees. However, with 44% of security directors reporting static or declining budgets, there is less and less room for innovation. Merely 53% of respondents think that their security expenditure is keeping up with the quickly changing digital business environment.
The study clarifies the top three areas of investment that CISOs should prioritise in 2023. At 25%, identity and access management (IAM) comes in second, followed by security and vulnerability management at 18%, and cloud security at 25%. These goals highlight how important it is to safeguard digital assets, authenticate identities, and bolster defences against new threats.
Aligning Security with Business Strategy
An increasing number of CISOs are emphasising the need to match cybersecurity initiatives with overarching business strategy as they battle financial limitations and workforce shortages. According to the research, 55% of security executives think that cybersecurity is a strategic priority for their organisations. Moreover, a majority of 60% concur that the security function augments the total value proposition offered to clients, underscoring the growing acknowledgement of cybersecurity's function in providing value to businesses.
Perspectives From Sector Experts
Haris Pylarinos, Founder & CEO of Hack The Box, emphasises the critical nature of staying outward-looking and ensuring that internal skills remain current. Pylarinos notes, "You can hire the best security professionals out there with field experience, but the problem is that this knowledge can degrade over time because cybersecurity is evolving rapidly."
Chris Castaldo, CISO at Crossbeam, identifies a lack of business understanding as a key barrier for CISOs. "Not understanding the business. That’s the main barrier," Castaldo states. He emphasises the need for CISOs to spend sufficient time understanding stakeholder concerns and tailoring their messages to align with broader business objectives.
The Cyber Security in Focus report provides a clear picture of the difficulties that modern security executives must overcome. The challenge of finding the right people and the ongoing skills gap continue to be major concerns, even as budgetary restrictions have taken centre stage. As the cybersecurity landscape changes, CISOs must come up with creative ways to deal with these issues and keep their companies safe from ever-increasing cyberattacks. The necessity is obvious: in an increasingly digitised and networked world, establishing a strong cybersecurity posture requires bridging the gap between talent acquisition and budgetary restrictions.