Posted 22 Feb. 2020

Cybersecurity job market set to worsen once more

By Laurent Halimi

CISOs are struggling to find the right candidates for the job


CISOs around the world expect the global cybersecurity talent shortage to worsen in the next five years, according to a new poll by global executive search firm Marlin Hawk.

Two thirds (66 percent) of cybersecurity executives surveyed said they’re struggling to recruit senior talent because candidates don’t possess the requisite knowledge and experience, or “aren’t the right culture fit”.

The problem appears particularly acute in the APAC region, where 91 percent of CISOs are struggling to recruit.

“As the need to protect customer data grows, business leaders have been attempting to work out how best to respond to this new reality, and, most importantly, whose responsibility it should be,” says John-Claude Hesketh, Global Managing Partner at Marlin Hawk.

“The constant cyber threat has completely changed the way boards around the world approach risk, and it’s an issue that every business leadership team has had to respond to.”

The report concludes by noting the position of CISO is a dynamic one, but also one that people don't spend all that long in. The global average tenure for a CISO is four years.

Although a third of CISOs surveyed wanted the position because it’s at the forefront of one of the biggest business growth areas, a vast majority (85 percent) said they would love to find a new role.

CIOs and CISOs admit to making security compromises

Decision-makers in the UK often make cybersecurity compromises out of fear of disrupting and potentially hurting their business operations, a new report by Tanium claims.

Based on a poll of more than 500 CIOs and CISOs in the UK, US, Germany, France and Japan, the report says that because of “wider business pressures”, these decision makers refrained from installing crucial updates or generally making security moves within their organisations.

These “wider business pressures” include the pressure to “keep the lights on”, “internal politics”, as well as legacy IT commitments which restricted various security efforts.

The report also claims that CIOs and CISOs do not fully understand the importance of being business and technologically resilient, and that’s also one of the reasons for making compromises in terms of cybersecurity postures.

“A resilient organization can depend on its people, processes and technology to quickly adapt to cyberattacks, outages and other forms of disruption,” commented Ryan Kazanciyan, Chief Technology Officer at Tanium.

“However, our research shows that IT leaders are having to hold off on making crucial updates due to concerns about the impact it might have on business operations. Given that global cyber-attacks such as WannaCry were catalysed by poor security hygiene, organizations need to ensure that they can confidently effect change to protect critical assets, monitor impact, and recover from the unexpected.”

The report also found that business leaders lack visibility across their organisations’ many endpoints, including laptops, servers, virtual machines, and others. This makes it immeasurably harder to make informed and confident decisions, while organisations remain vulnerable to multiple disruptions.

Different business leaders work in silos, and the lack of data sharing or proper communication often leads to critical security updates not being installed, even though business leaders thought they had been.