Staffing concerns remain an obstacle for security leaders to ensure the security of their organizations. The Cyber Security in Focus research conducted by Stott and May reveals that CISOs see budget as the biggest barrier to strategy execution in 2023, overtaking internal skills for the first time.

Fifty-one percent of security leaders highlighted budget as their primary inhibitor to delivering on strategy, with internal skills (34%), board-level buy-in (11%) and technology (3%) also being cited as issues by the global sample of CISOs.

Other notable findings from the report include:

• 66% of security leaders are facing challenges in sourcing talent for their business.
• 69% of security vacancies are left unfilled after 8 weeks.
• CISOs report that salary expectations across the industry continue to increase. Forty-seven percent believe that salary levels have increased by more than 11% year-on-year.
• Strategic investment continues in security but with little room for experimentation. Forty-four percent report their budgets will stay the same or decrease. Fifty-three percent believe security investment is keeping pace with digital business. The top three priority investment areas for CISOs in 2023 are cloud security (25%), IAM (20%) and security and vulnerability management (18%).
• The focus turns towards translating security risk to align to the business strategy. Fifty-five percent of security leaders believe that their company sees cyber security as a strategic priority, while 60% agree their business feels that the security function improves the overall value proposition to customers.