The cybersecurity skills shortage: A CISO perspective

For example, nearly one-third (32%) of CISOs said the skills shortage led to an increase in human errors associated with cybersecurity tasks compared to 16% of other respondents. This may be a function of their wide purview, where CISOs see human error issues across the entire organization, compared to managers or staff who may be more heads down on their individual jobs.

Additionally, 38% of CISOs claimed that the skills shortage led to less collaboration between cybersecurity and business teams (compared to 26% of other respondents). This is likely a red flag issue with security executives as aligning security with business priorities is at the heart of a CISO’s job responsibilities.

Lastly, 43% of CISOs say that the skills shortage led to hiring/training junior candidates rather than experienced candidates (compared to 28% of other respondents). Thus, CISOs are being forced to make suboptimal hiring and investment decisions that certainly impact overall team efficacy and efficiency.

What are the factors contributing to skills shortages?

In another survey question, respondents were asked to identify the factors contributing to the skills shortage at their organization. Once again, CISO responses stood out from the crowd. Sixty-eight percent of CISOs said that their organization simply doesn’t offer competitive compensation, making it difficult to recruit and hire talent (compared to 42% of other respondents).

This must be incredibly frustrating, causing proactive CISOs to sound alarm bells with the board of directors. Additionally, 41% of CISOs claimed that their organization doesn’t have a reputation as a cybersecurity leader, making it difficult to recruit and hire (compared to 25% of other respondents).

CISOs in this situation must double down on job-related things cybersecurity pros look for, such as mentoring programs, continual training opportunities, and career development.