Top 5 challenges for CISOs according to research
Research by service provider BSS found that 48 per cent of CISOs are concerned about the skills gap
New research by cybersecurity and data service provider BSS found that the cyber skills shortage is one of the top concerns for chief information security officers.
The research surveyed 150 CISOs, detailing their priorities, challenges, budgets, and the state of C-Suite buy-in in information security.
Here are the biggest concerns CISOs reported:
Talent constraints
The shortage of talent with information security skills is hindering CISOs from expanding permanent headcount.
In fact, nearly half (48 per cent) of respondents agree that their organisation suffers from a lack of expertise.
Aligned to the above supply chain risks, the biggest shortfalls of skills were in third-party assessment, risk assessment and assurance, and cloud engineering.
Moreover, nearly two-thirds (62 per cent) noted at least a quarter of their permanent headcount isn't based in the UK, which highlights a deficit when it comes to knowledge of local regulations, compliance, and risk.
Misguided budget expectations
61 per cent of CISOs said they are experiencing a notable increase in funding but it seems this is accompanied by impractical expectations, with threats to the business not appearing to be fully understood by the budget holders.
Over three quarters of CISOs (78 per cent), have received extra budget after high-profile cyber incidents.
However, this knee-jerk reaction leads to over half (55 per cent) having to spend money on what's hitting the headlines instead of strategic investment in security defences.
This lack of understanding in information security measures businesses need shows there is significantly more work to be done to ensure that information security receives the attention it deserves, especially in the boardroom.
No voice in the boardroom
Just one in ten (9 per cent) of CISOs surveyed said information security is always in the top three priorities on the boardroom's meeting agenda, and less than a quarter (22 per cent) of CISOs are actively participating in business strategy and decision-making processes.
This suggests a significant lack of awareness and understanding of the importance of information security to business performance.
Relentless regulations
Talking of penalties, regulations are another top CISO challenge.
The need to comply with the pace and variety of regulations issued by both the government and industry bodies like the Financial Conduct Authority (FCA), is relentless.
Almost two thirds (64 per cent) of respondents said regulations change before they can meet previous requirements, with nearly a third (29 per cent) noting this is a significant challenge.
While daunting, CISOs can leverage this increasing scrutiny and use the fact that financial penalties and brand reputation are on the line to make the case for the resources and investment they need from the C-Suite.
Supply chain security
On top of regulations, challenges managing complex third-party supply chains only increase in organisations with larger security budgets.
The need for businesses to develop frameworks that effectively assess and understand supply chain risks and detail implementation and necessary changes is paramount.
Over a quarter of respondents (27 per cent) admit they are locked into long-term and/or expensive supplier contracts, but suppliers need to be kept accountable and meet your organisation's requirements.