The constant cyber threat has completely changed the way boards around the world approach risk. A robust cybersecurity posture is no longer a “nice-to-have” but a business priority, especially at a time of almost pervasive threats. As the need to protect customer data grows, business leaders have been attempting to work out how best to respond to this new reality, and, most importantly, whose responsibility it should be.
Recently, Marlin Hawk commissioned a report into the evolving role of the CISO (Chief Information Security Officer) and the challenges they face in an ever-changing landscape. The report analyzed responses from 500 cybersecurity executives working in businesses with 500 or more employees across the US, Europe and APAC.
Isolated and Overworked
Two-thirds of respondents revealed that they are struggling to recruit senior cybersecurity talent. The majority put this down to candidates lacking the right level of technical knowledge or experience to fulfill the increasing demands of the role.
The talent shortage is particularly prevalent in the APAC region, where 91% say they find it challenging to find the right talent. However, it is clear that this is a global issue as 61% in the U.K. and 54% in the U.S. admitted to having the same problems with recruitment.
Broadly across sectors, the consensus is that the cybersecurity talent shortage isn’t going anywhere. In fact, 62% believe that the situation will deteriorate over the next five years. As a result, this has created an active recruitment market as overworked CISOs become more and more frustrated with their workload and the lack of the support they have from the board. The report also found that 85% of senior cybersecurity professionals are either actively looking for a new role themselves, or would consider one if approached.
With this in mind, businesses should be reorganizing their priorities and focusing their efforts on providing the necessary support to nurture and retain the talent they already have. The challenge now is for their boards and business leaders to work out how to show these senior cybersecurity professionals that they’re valued, and work out how to integrate them into strategic business decisions while navigating a dramatic global talent shortage.
Adapt to Survive
According to Ron Green, CISO at Mastercard, machine learning and automation have a crucial role to play in taking the pressure off current and future CISOs.
He explains: "We’re going to need solutions that can help the humans get away from more of the routine problem-solving and take it off of their plate so that they can work on the more difficult tasks. Businesses are still going to need smart humans on security but already, the humans that are in our security operations centers are being overwhelmed with things they have to monitor. You can't simply keep putting in more people because there aren't enough people already."
Cybersecurity threats are real and the size of the challenges still to come are large. Many businesses have invested heavily in digital transformation to improve productivity without considering the consequences. From the 1980s when technology began replacing traditional trading floors to the advances of e-commerce in today's world, cyber poses possibly the biggest risk to human and financial security now and in the future.
Given that cybersecurity professionals are the last line of defense against this threat, now is the time for businesses to invest properly in support of the role, whether that’s through appropriate technologies or by giving it more weight as an area of the business. We may even see CISOs move into the role of Chief Risk Officer or CIO, with the latter taking cybersecurity into account when creating strategic plans for their organization’s IT infrastructure. With heightened awareness around data protection, it’s probable that in 2020 we’ll see this start to happen, as board directors attempt to work out how to value these senior cybersecurity professionals.
Indeed, we may even see the CISO’s role begin to be subsumed into other areas of organizations, especially as the younger generation of cybersecurity professionals continue to emerge with a blend of technical abilities and strategic thinking. These younger people may use their skills to take ownership of the cyber defensive posture, but also to inform their organization’s overall tech strategy.
One thing is for certain; 2020 is going to be an important year for the world of cybersecurity and those working within it. The threats will continue to evolve, as will those whose job it is to counter them.