Nearly half of CISOs (48%) say that the skills shortage in their teams or organisations is the biggest people-related challenge their business is facing this year, closely followed by a lack of applicants for vacancies (36%).
That’s according to new research from cyber security solutions provider BSS that explores “How CISOs can succeed in a challenging landscape”.
The research, which surveyed 150 information security decision makers, further revealed that the most challenging areas to recruit and retain staff for are: cloud engineering (34%), third-party assessment (31%), and risk assessment and assurance (31%).
The research also revealed that staff attrition is another key people-related challenge (19%), and not just at a team level. In fact, one in ten CISOs (13%) stated that they only stay in the role for less than a year.
To combat the shortage of internal experts and high churn rates, many are turning to external companies to bolster their security offering, with nearly all (97%) of those surveyed stating that they engage with partners and service providers for their security needs.
While use of external providers is a great way to deal with skills shortages in teams – with new offerings like the virtual CISO making it even easier to manage projects end to end with external companies – churn rates, budget for external help and even training to address the skills gap all rely on one thing: recognition of the importance of cyber security. Recognition that this new research reveals is sorely lacking.
In fact, less than a third of CISOs surveyed (28%) said that the value of their role is recognised by the board, with less than a quarter (22%) stating that they are actively involved in wider business strategy and decision making. And half (49%) of those surveyed agreed that there is a lack of C-level buy-in to the role of information security.
BSS Director Chris Wilkinson said: “In the midst of a relentless digital skills shortage sweeping across all industries, the urgent call for senior leaders is crystal clear: embrace the paramount significance of cyber security and, above all, recognise the immense value their information security teams bring.
“Moreover, with the critical skills crisis continuing, seeking external expertise is no longer just a nice to have but an absolute necessity to enable companies to fortify their cyber defences to the utmost level.”