A recent study conducted by cyber security solutions provider BSS has revealed the major challenges faced by Chief Information Security Officers (CISOs) in their quest to protect organizations from cyber threats. According to the research, nearly half of the surveyed CISOs (48%) cited a skills shortage in their teams as the biggest people-related challenge. This concern was closely followed by a lack of applicants for vacancies, with 36% highlighting this issue. The study, which included 150 information security decision makers, also shed light on the most challenging areas to recruit and retain staff for, with cloud engineering, third-party assessment, and risk assessment and assurance ranking among the top areas.
In addition to the challenges related to skills shortage and recruiting, the study revealed that staff attrition is another key concern. A significant percentage of CISOs (19%) highlighted this issue, and it was particularly troubling that one in ten CISOs admitted to staying in their role for less than a year. To address these challenges, many CISOs are turning to external companies for support, with 97% of those surveyed stating that they engage with partners and service providers for their security needs.
While the use of external providers can help alleviate skills shortages and high churn rates, it is important to recognize the underlying issue: the lack of recognition for the importance of cyber security. The study found that less than a third of CISOs surveyed (28%) believed that the value of their role is recognized by the board, and even fewer (22%) felt actively involved in wider business strategy and decision making. Additionally, nearly half of the respondents (49%) agreed that there is a lack of C-level buy-in to the role of information security.
Christopher Wilkinson, Director at BSS, commented on the findings, emphasizing the need for senior leaders to recognize the significance of cyber security and the value information security teams bring to an organization. He stressed that with the ongoing skills crisis, seeking external expertise is no longer a luxury but a necessity to ensure the highest level of cyber defense.
The research findings highlight the pressing need for organizations to prioritize and invest in cyber security. As cyber threats continue to evolve and become more sophisticated, businesses must recognize the importance of having a strong and skilled information security team. By addressing the skills shortage, improving recruitment strategies, and providing sufficient resources and support, organizations can better protect themselves from potential threats.
To learn more about the study and access a copy of the research, visit the BSS website. By staying informed and taking proactive steps, organizations can navigate the challenging landscape of cyber security and bolster their defenses against potential breaches.