A new report from Stott and May revealed that over 76% of cyber security leaders are struggling with a cyber-security skills shortage. The executive search firm’s Cyber Security in Focus 2020 report was based on the experience of 55 leaders in Europe and the US.
The report focused on four main areas, including the skills shortage, the boardroom perception of cyber security, attracting talent, and the risk associated with moving to the cloud.
Several key findings emerged from the report. On the one hand, the report showed that security leaders view cyber security as a more important issue than ever. Yet it was also clear that a shortage of talent is making it difficult for businesses to implement their cyber security strategies.
Over half (54%) of the leaders interviewed described cyber security as a strategic priority, with 68% affirming that cyber security enhances their value proposition to customers. Over half (54%) were also mindful of the risks associated with moving towards the cloud, holding the belief that it will lead to more security incidents.
The importance of cyber security was especially emphasised in high growth mid-market firms, with 83% of leaders from this segment placing it as a ‘strategic priority.’
However, the report showed that cyber security leaders are facing real issues when it comes to finding the people to keep their businesses secure online. 76% of leaders reported a cyber security skills shortage in their organisation at present. While part of the problem is internal skills – with 39% indicating that this was the biggest inhibitor to delivering on strategy – it was also clear that security leaders are struggling to find cyber security talent anywhere in the market, with 72% claiming that they ‘struggle’ to source cyber security talent.
The cyber security skills shortage – which is now well known about in the industry – was particularly pronounced in the US. The breakdown showed that 81% of the US cyber security leaders surveyed were having issues with sourcing talent. The figure for the UK was 72%, and 60% for mainland Europe.
The report, which features input from Jim Rutt, CISO at Dana Foundation, also touches some of the key strategic areas of cyber security that businesses need to be thinking about in the coming months.
It was apparent that most businesses are aware that migration to the cloud poses new challenges for security, with 54% claiming that they think it will lead to new security incidents. But as Rutt points out, few businesses fully appreciate the level of this threat.
‘The biggest challenge for both security and operational leaders in IT is the perception that you can just take what you have on-premise, migrate it to the cloud and you can keep the same controls in place and everything will work out fine. CISOs need to get a lot more educated on what they truly need from a defensive posture in a cloud environment.’
Rutt also pointed to issues including insider threat, API integration, and Internet of Things security. Rutt highlighted that we are years away from seeing ‘maturity’ around how to defend an IoT network.
‘When it comes to the Internet of Things there are a multitude of challenges… There’s also a vast difference in the way a lot of these sensors work coupled with the different protocols that they use. We don’t often know what the vulnerabilities of these protocols are.’
The report showed that mid-market and larger firms have been getting creative when it comes to plugging the skills gap. At larger organisations with larger pools of internal candidates, there have been attempts to upskill curious internal talent. Organisations have also been looking to AI and machine learning to free up as much time as possible for valuable people resources. Yet the report also showed a preference (52%) amongst leaders to be able to source the right skills on the open market from day one.
To access all the insights from Stott and May’s cyber security skills research, download the Cyber Security in Focus 2020 report here.