62% of CISOs think the global cybersecurity talent shortage will get worse over the next five years, according to Global Snapshot: The CISO in 2020, a new report exploring the role and demographics of Chief Information Security Officers (CISOs), as well as the challenges they face, by Marlin Hawk, the global executive search firm.
The report suggests that the demands of such a rapidly evolving role mean that senior candidates often lack the right level of technical knowledge (34%), don’t have the right experience (30%) or simply aren’t the right cultural fit (10%).
The report explores the relatively new role of the CISO, as information security prevails as an issue that affects businesses of every size. It finds that information security is more than a technical issue; it blends risk, strategic vision and knowledge of the threat landscape with people and data management.
The research analyses responses from 500 cybersecurity executives working in businesses with 500 or more employees across the US, Europe and APAC.
“As the need to protect customer data grows, business leaders have been attempting to work out how best to respond to this new reality and, most importantly, whose responsibility it should be. The constant cyber threat has completely changed the way boards around the world approach risk and it’s an issue that every business leadership team has had to respond to,” says John-Claude Hesketh, Global Managing Partner at Marlin Hawk.
“The challenge now is for board directors to work out how to value these senior cybersecurity professionals and integrate them into strategic business decisions, whilst navigating a dramatic global talent shortage.”
Three major findings of the report are:
There is a global talent shortage: 66% of respondents say they are struggling to recruit senior talent because candidates lack the right level of technical knowledge (34%), don’t have the right experience (30%) or simply aren’t the right culture fit (10%). This is particularly prevalent in APAC where 91% say they find it difficult to find the right talent, compared to 61% in the UK and 54% in the US.
The CISO role is dynamic and in a state of evolution: 73% of respondents report that they are under 45 years old and 29% took the role because they want to be at the forefront of one of the biggest business growth areas.
There is rarely a clear upward progression from the CISO role: A symptom of this is that 85% of senior cybersecurity professionals are either actively looking for a new role or would consider one if approached. The average tenure in CISO roles globally is four years.
The report also contains interviews with CISOs from multinationals including Boeing, Zalando and ING. On the challenges CISOs will face in 2020, Ron Green, CSO at Mastercard, says: “Machine learning and automation are going to be really helpful to current and future CISOs. Businesses are still going to need smart humans on security but already the humans that are in our security operations centres are being overwhelmed with things they have to monitor and you can’t simply keep putting in more people because there aren’t enough people already.”
The annual report will track the evolution of the role of the CISO over the next ten years. David Holloway, Chief Executive Officer at Marlin Hawk, says: “Cybersecurity threats are real and the size of the challenges to come are large. From the 1980s when technology began replacing open-outcry trading floors to the advance of ecommerce in today’s world, cyber poses possibly the biggest risk to human and financial security now and in the future. This is Marlin Hawk’s inaugural annual study of the rapidly evolving cybersecurity landscape; we look forward to you joining us over the next decade as we follow CISOs around the world taking on this challenge.”