76% of Cybersecurity Leaders Face Skills Shortage

It's Time to Change Your Perception of the Cybersecurity Professional

May 6, 2020

The latest findings of the Stott and May Cyber Security in Focus research reveal that leaders are still struggling with the skills gap and access to talent. Most respondents (76 percent) believe there is a shortage of cybersecurity skills in their company, which represents an improvement on 2019 (88 percent), however, the problem still seems more potent for mid-market and large enterprise businesses. Organizations are still struggling to source cybersecurity talent (72 percent) with no material improvement around time-to-hire from 2019.

Below are more findings from the Stott and May Cyber Security in Focus research.

Not all roles are created equal

Security leaders are finding some roles more acutely challenging to resource than others, says the report. Jim Rutt (CISO at the Dana Foundation), one of the participants in the research, stating “I think it’s more apparent in individual contributor roles like Security Architects, Security Engineers and high level SecOps professionals. There’s a shortage of good talent in those areas, emphasising the word ‘good’. But at that leadership level, whether it be Directors or CISO’s, I see no real shortage.”

The biggest barriers to strategy execution

The panel of security executives selected for the report revealed that internal skills were in fact the largest barrier to strategy execution in cybersecurity functions (39 percent felt this way) followed by budget (30 percent), board level buy-in (22 percent) and technology (9 percent), creating a headache for security leaders to resource their functions more effectively.
46 percent of respondents believed that Machine Learning and AI could offer part of the solution in terms of automating more workloads to reallocate people resource to higher profile projects.
Others (30 percent) were looking to get more creative around hiring internal talent with transferable skills.

The growing impact of security on the value proposition

This all comes at a point where cybersecurity functions have a greater role to play in improving the value proposition to customers and buyers across all sectors are becoming more educated on the issue of cybersecurity and data privacy, creating a knock-on impact on purchasing trends and profitability, found the report.
69 percent of the sample stated that their organization believed that the cybersecurity function had a positive impact on the value proposition of the organization.
There’s little doubt that respondents see cybersecurity moving up the list of boardroom issues, with 54 percent stating their businesses treat the issue as a strategic priority. This perception seems to be even stronger in high growth mid-market firms, with 83 percent pointing towards its strategic significance.

The Stott and May Cyber Security in Focus Survey examines the key issues that have made an impact on the market over the course of this year. The research is based on the collective experience of 55 cybersecurity leaders sourced from Stott and May’s professional network. Respondents were asked to share their views across a wide range of issues including, but not limited to, the skills shortage, the boardroom perception of cybersecurity, talent attraction and the challenges associated with securing business in the cloud.

The full report is available here.

Ransomware and the propulsion of the extortion economy has rapidly eclipsed into a national priority. Recently, we observed the catastrophic impact of a widescale ransomware attack impacting gas pipelines and raising national gas prices overnight.