Cybersecurity is experiencing a prolonged crisis in supply and demand for skills. The current ratio in the U.S. is at 69%, meaning fewer than 7 in 10 cybersecurity jobs can be filled by the available workforce.
It's a situation that’s causing significant concern for industry leaders. Our research found that nearly one-third of cybersecurity decision-makers and practitioners are worried about the lack of security skills and security training budget, and over one-quarter have concerns about low-security team headcount and low overall security budget. In fact, cybersecurity teams feel they need a 40% rise in budget to be confident in their ability to mitigate security risks.
With skills and budgetary shortages only worsening, a transformation in cybersecurity is required to overcome these challenges, restore confidence in security posture and enable organizations to do more with less. This can be achieved through vendor consolidation and process automation.
Addressing the Skills Gap
It’s well known that security teams are overstretched and overwhelmed, without enough people, skills or budget to manage all their priorities and maintain strong cyber hygiene effectively all their priorities and maintain strong cyber hygiene. Currently, 74% of security leaders feel that the lack of resources is negatively impacting their security posture management.
But when there simply aren’t enough cybersecurity professionals to plug the gaps, increasing headcount isn’t a viable solution; skilled people are so scarce that even enterprises with the budget to attract and bolster their security workforce cannot fill the positions. Simultaneously, those who are employed in cyber roles are often laden with laborious tasks like manual reporting that fail to leverage their skills and serve to demoralize talented individuals. Combined with high-stress levels that have come to typify the industry, and compounded by overworked teams covering multiple positions, high staff churn arises as another challenge organizations are contending with.
It’s clear that cybersecurity is facing not only a people challenge but a ‘whack-a-mole' challenge – the circular mission of forever solving urgent problems, leaving little to no time to enact deeper, systemic change. This is why simplifying things and becoming more efficient must be a priority in order to not only address the skills gap but also restore confidence in security posture.
Streamlining With Consolidation
A strategic approach is needed for security leaders and their teams to address the resource crisis. A key response emerging in the market is security vendor consolidation. According to Gartner, 75% of organizations were pursuing consolidation in 2022, almost tripling since 2020. Considering that an alarming 35% of cyber budgets are being spent on tools that don’t give a measurable improvement in cybersecurity posture, it’s evident why businesses are seeking to consolidate and do more with less.
However, there is a degree of caution around consolidating vendors and tools. Nearly four in five security leaders and decision-makers admitted to being concerned that consolidation will reduce their ability to mitigate cyber risk. But we found this skepticism to be unfounded. In reality, half of those who have begun consolidating have seen an improvement in security posture as a result.
This is because, when approached strategically, consolidation streamlines security operations. Without a policy of consolidation, security professionals are burdened with conflicting data from disparate tools, constraining their ability to respond to threats effectively and manage their organization’s security posture. Implementing more tools doesn't equate to better security, instead increasing complexity and draining already stretched budgets on solutions that aren’t necessary.
Organizations already have all the tools they need to prevent the majority of breaches. By consolidating vendors and tools, businesses not only optimize their cyber spending but security leaders and teams benefit from a unified security ecosystem that makes security posture management more effective and efficient.
Automation for Efficiency
While some are beginning their consolidation journey, more organizations are already implementing automation to drive efficiency, improve security posture and ensure compliance. The benefits of automation are multifold. Security leaders and decision makers who have embarked on security automation cite more efficient use of resources as the principal benefit (57%), in addition to improved decision-making (46%), more accurate prioritization, and freeing up security teams to focus on different tasks (both 43%). As a result, much of the pressure felt by employees can be alleviated, giving them time to focus on more valuable tasks and improving their overall security posture.
In addition to these benefits, automation is vital for ensuring compliance with new and changing regulations. Whether by design or not, regulators are a catalyst for change in the industry. New regulations like the EU’s Digital Operational Resilience Act (DORA) are mandating the continuous monitoring of IT environments and security controls, which can only be achieved with automation. Embracing automated controls monitoring enables organizations to comply with and meet regulatory requirements, as well as adapt to evolving frameworks and guidance.
Automation is also crucial in terms of board oversight of security risk – another necessity under new regulations. Across the U.S. and Europe, new legislation is escalating accountability for cybersecurity to the board level. As a result, the pressure felt by security teams will inevitably increase with the growing need to provide an accurate picture of their organization’s security posture with trusted metrics and measures, in a way board executives understand and can use to make informed decisions. Automation is a key piece to this puzzle and a necessity for building confidence and trust in this data while driving greater efficiency and making the best use of the tools and resources an organization has already invested in.
Doing More With Less
It’s true that a significant transformation is needed in cybersecurity to overcome the severe resource challenges enterprises are facing. Key trends like consolidation and automation are only going to become more important as the threat landscape evolves, and regulatory pressures increase.
Change is difficult, but by starting the efficiency drive as soon as possible, organizations can strategically reduce the burden on existing cybersecurity professionals, while improving proactive security posture management and enabling compliance with new regulations.
Prior to Panaseer she held many senior leadership roles in both large corporates and small start-ups and has successfully delivered increased profile and revenue for organizations such as McLaren Applied, Digital Barriers, BAE Systems and Siemens.
