By Stephen Stott, Founder & CEO, Stott, and May
There is a lot of debate currently around whether the cybersecurity profession is recession-proof. Answering that question largely depends on board level perceptions around the strategic importance of the function and how that shifts over the coming months. Business is business, as they say, and ultimately for security functions to sail through largely unscathed they will need to be able to help the board deliver value for shareholders in the short, medium, and long term.
A recent Stott and May report suggests that 55% of security leaders believe that their business sees cyber as a strategic priority, with a further 31% suggesting it’s a very real technical problem. In high growth mid-market firms that number is even more prominent, with 83% pointing towards its strategic significance. The overwhelming majority of respondents (69%) also outlined that the security function had a key role to play in enhancing the value proposition for customers.
It’s fair to say that both B2B and B2C consumers have become far more educated on the issue of cybersecurity and see this as an important feature in purchasing decisions around products and services going forwards. This will be an important point for CISO’s to home in on in the months ahead.
This concept of making security features more prominent could also help to play an important role in building a stronger culture of security within an organization. A key challenge experienced by many CISO’s we interact with. Jim Rutt, CISO at the Dana Foundation, a participant in this research report and stated “CISO’s need to ensure that with every initiative, whether that be the digital transformation or new applications being rolled out, they make the security features and ‘asks’ prominent within the project. Raise awareness of where the issues exist and where the gaps could be exposed.” To maintain a holistic security posture, it is going to be essential to create this level of collective commitment and focus.
The carrot of an enhanced value proposition also needs to be balanced with the stick of protecting business operations as the attack surface increases in light of COVID-19 related events. CISO’s surveyed in the Cyber Security in Focus 2020 research suggested that they felt investment decisions would largely be driven by the stick (57%) and it’s important to keep this balance of risk and reward in mind when dealing with the board.
Ultimately, strategy execution is going to be key. According to the research, the largest single barrier to delivering on cybersecurity initiatives is internal skills (39% of respondents felt this way). A significant percentage of CISO’s (76%) are still reporting a shortage of talent within their businesses with some 72% struggling to source cybersecurity candidates. Will candidate availability improve as a result of COVID-19? Certainly, there may be more candidates on the market, but we are seeing businesses be very deliberate around retaining mid to senior security talent amid the layoffs in other areas. They have the battle scars to prove how challenging the cyber security recruitment market can be. Time to hire will remain a challenge for organizations seeking to address their skills shortage as hiring managers seek to acquire soft skills and cultural fit in conjunction with their technical requirements.
The Stott and May Cyber Security in Focus Survey examines the key issues that have made an impact on the market over the course of this year. The research is based on the collective experience of 55 cybersecurity leaders sourced from Stott and May’s professional network. Respondents were asked to share their views across a wide range of issues including, but not limited to, the skills shortage, the boardroom perception of cybersecurity, talent attraction, and the challenges associated with securing business in the cloud.
The full report is available here.
About the Author
Stephen Stott is the Founder and CEO of Stott and May. He founded the business in December 2009. Stott and May are a talent acquisition agency that specializes in cybersecurity, data and analytics, tech sales, and software engineering recruitment. Stephen divides his time between Stott and May’s UK and US locations with a clear mission; to connect the world’s professionals to make them more productive and successful than they ever believed imaginable. Stephen can be reached online at https://www.linkedin.com/in/stephen-stott-18a94219/ and at our company website http://www.stottandmay.com