Today’s security executives confront a number of challenges when it comes to strategy execution, including bridging the internal skills gap, gaining the appropriate amount of executive support from the company, establishing a security culture, making solid technology investment decisions, and more. However, the current situation of the economy is driving a new narrative for CISOs, with many being expected to accomplish more with less.
As per Stott and May’s 2023 Cyber Security in Focus Report, a high-quality sample of 60 CISOs and security leaders across EMEA and North America were asked a series of questions about the state of cyber security and the following results are very interesting:
Budget Restrictions: The New Obstacle
The difficulties for CISOs have always been varied, ranging from filling internal talent gaps and garnering executive backing to establishing a security culture and making technology investment decisions. However, the economic landscape is changing, requiring CISOs to rethink their strategy. According to the research, money restrictions have surged to the top of the list as the most significant impediment to strategy execution.
For the first time, funding constraints were highlighted as the top hurdle by 51% of polled CISOs, exceeding internal abilities. The impact of this new barrier is significant, necessitating creative solutions to overcome it.
Sourcing The Best Talent
In addition to funding difficulties, the study emphasises the persistent difficulty in filling cyber security openings. 66% of security leaders say it’s difficult to locate the right people for their organizations. Even more troubling, 69% of security posts stay vacant after 8 weeks. As the need for cyber security specialists grows, so does the battle for top talent.
Rising Salary Expectations
Aside from these obstacles, wage expectations in the cyber security profession are rising. Almost half of the CISOs polled (47%) said that remuneration levels had risen by greater than 11% year on year. Another 31% reported pay increases ranging from 6% to 10%. These rising wage expectations put a further burden on cybersecurity expenditures.
Strategic Investment Constraints
Organizations continue to prioritise strategic investments in cyber security. The report, however, implies that there is limited space for exploration. A sizable proportion of CISOs (44%) expect their budgets to stay the same or decline.
Only 53% feel security investments are keeping up with digital business. This restricted financial flexibility creates a quandary for CISOs as they strive to find a balance between cyber security performance and cost management.
Critical Investment Aspects
The report identifies the top three investment priorities for CISOs in 2023. With 25% of CISOs investing resources to defend their cloud environments, cloud security leads the way. Identity and Access Management (IAM) comes in second at 20%, with security and vulnerability management coming in third at 18%. As organizations adjust to the shifting threat landscape, these areas have become key points.
Integrating Cyber Protection With Corporate Planning
The emphasis in a dynamic cyber security landscape is shifting towards integrating security risk with overall company strategy. According to the research, 55% of security leaders feel that cyber security is a strategic priority for their organizations. Furthermore, 60% believe that the security function improves the entire value proposition to clients. This integration of security and business strategy is critical for dealing with financial restrictions while maintaining a successful cyber security posture.
Insights from Industry Experts
Haris Pylarinos, Founder & CEO of Hack The Box, gave his opinion on the most difficult problems CISOs confront while establishing a high-performing security function. “You need to be conscious that when security professionals join your team, they become purely focused on your organization. That means they miss a lot of experience and context they would otherwise gain if they were, say, working for a vendor providing services to multiple organizations.”
In addition, Chris Castaldo, CISO at Crossbeam, outlined his thoughts on the main barriers that CISOs come across when executing their cyber security roadmaps. “A lack of budget. Inability to acquire the right level of internal skills. All of these things are linked to understanding the business and shaping a strong narrative that resonates with key stakeholders.”
About Stott and May
Founded in 2009, Stott and May is a firm focused on technology recruitment with a passion for helping leaders achieve complete confidence that they have hired the right talent first time in fiercely competitive markets.
