Stott and May’s Cyber Security in Focus report explores the trends affecting CISOs, providing insights into the questions at the forefront of the industry.
The number of CISOs highlighting budget constraints as their #1 challenge to roadmap execution is up 16% YoY. A lack of internal skills remains the top challenge for 34% of security leaders, as sourcing talent remains a significant problem for 66% of all survey respondents.
Today’s security leader faces a range of barriers to strategy execution: tackling the internal skills gap, achieving the right level of executive support from the business, building a security culture, making sound technology investment decisions, and more. But the state of the economy is starting to drive a new narrative for CISOs, with many being asked to do more with less.
This year’s Cyber Security in Focus research conducted by global cyber security recruitment specialists Stott and May reveals that CISOs see budget as the biggest barrier to strategy execution in 2023, overtaking internal skills for the first time. 51% of security leaders highlighted budget as their primary inhibitor to delivering on strategy, with internal skills (34%), board-level buy-in (11%), and technology (3%) also being cited as issues by the global sample of CISOs.
Other notable findings from the 2023 Cyber Security in Focus Report include:
- Filling cyber security vacancies continues to be a pain point for security leaders. 66% are facing challenges in sourcing talent for their business. 69% of security vacancies are left unfilled after 8 weeks.
- CISOs report that salary expectations across the industry continue to increase. 47% believe that salary levels have increased by more than 11% year-on-year. A further 31% see wage inflation sitting between 6 and 10%.
- Strategic investment continues in security but with little room for experimentation. 44% report their budgets will stay the same or decrease. Only 53% believe security investment is keeping pace with digital business. The top three priority investment areas for CISOs in 2023 are cloud security (25%), IAM (20%), and security and vulnerability management (18%).
- The focus turns towards translating security risk to align to the business strategy. 55% of security leaders believe that their company sees cyber security as a strategic priority, while 60% agree their business feels that the security function improves the overall value proposition to customers.
Cyber Security in Focus is an annual research report that explores the perceptions of a high-quality sample of 60 CISOs and security leaders on critical themes such as the skills shortage, barriers to strategy execution, the perception of cyber security functions, and future technology investment. The sampled respondents were sourced from Stott and May’s professional network across EMEA and North America. In addition to primary quantitative research and findings, this report also features qualitative interviews with leading industry professionals in the cyber security space.
In the paper, Haris Pylarinos, Founder & CEO of Hack The Box, shared his thoughts on the top challenges CISOs face when building a high-performing security function. “It’s the ability to stay outward looking and ensure that internal skills stay up to date. You can hire the best security professionals out there with field experience, but the problem is that this knowledge can degrade over time because cyber security is evolving at such a rapid pace.” In addition, Chris Castaldo, CISO at Crossbeam, outlined his thoughts on the main barriers that CISOs come across when executing their cyber security roadmaps. “Not understanding the business. That’s the main barrier. Everyone that I talk to that’s trying to implement some new tool or a new process or policy and meets resistance typically hasn’t spent enough time trying to understand what those stakeholders really care about and tailoring that message to them.”
To access the full report, including Stott and May’s latest salary benchmarking for key security roles, download here.