Why the cyber skills crisis is an opportunity to transform your cybersecurity

    Aug. 16, 2023
    Organizations that concentrate on efficiencies are more likely to position themselves for security success
    Courtesy of BigStock.com -- Copyright: peshkov
    Nearly one-third of cybersecurity decision-makers and practitioners are worried about the lack of security skills and security training budget, and over one-quarter have concerns about low-security team headcount and low overall security budget.
    Nearly one-third of cybersecurity decision-makers and practitioners are worried about the lack of security skills and security training budget, and over one-quarter have concerns about low-security team headcount and low overall security budget.

    Cybersecurity is experiencing a prolonged crisis in supply and demand for skills. The current ratio in the U.S. is at 69%, meaning fewer than 7 in 10 cybersecurity jobs can be filled by the available workforce.

    It's a situation that’s causing significant concern for industry leaders. Our research found that nearly
    Courtesy of BigStock.com -- Copyright: peshkov
    Nearly one-third of cybersecurity decision-makers and practitioners are worried about the lack of security skills and security training budget, and over one-quarter have concerns about low-security team headcount and low overall security budget.
    Nearly one-third of cybersecurity decision-makers and practitioners are worried about the lack of security skills and security training budget, and over one-quarter have concerns about low-security team headcount and low overall security budget.

    Streamlining With Consolidation

    A strategic approach is needed for security leaders and their teams to address the resource crisis. A key response emerging in the market is security vendor consolidation. According to Gartner, 75% of organizations were pursuing consolidation in 2022, almost tripling since 2020. Considering that an alarming 35% of cyber budgets are being spent on tools that don’t give a measurable improvement in cybersecurity posture, it’s evident why businesses are seeking to consolidate and do more with less.

    However, there is a degree of caution around consolidating vendors and tools. Nearly four in five security leaders and decision-makers admitted to being concerned that consolidation will reduce their ability to mitigate cyber risk. But we found this skepticism to be unfounded. In reality, half of those who have begun consolidating have seen an improvement in security posture as a result.

    This is because, when approached strategically, consolidation streamlines security operations. Without a policy of consolidation, security professionals are burdened with conflicting data from disparate tools, constraining their ability to respond to threats effectively and manage their organization’s security posture. Implementing more tools doesn't equate to better security, instead increasing complexity and draining already stretched budgets on solutions that aren’t necessary.

    Organizations already have all the tools they need to prevent the majority of breaches. By consolidating vendors and tools, businesses not only optimize their cyber spending but security leaders and teams benefit from a unified security ecosystem that makes security posture management more effective and efficient.

    Automation for Efficiency

    While some are beginning their consolidation journey, more organizations are already implementing automation to drive efficiency, improve security posture and ensure compliance. The benefits of automation are multifold. Security leaders and decision makers who have embarked on security automation cite more efficient use of resources as the principal benefit (57%), in addition to improved decision-making (46%), more accurate prioritization, and freeing up security teams to focus on different tasks (both 43%). As a result, much of the pressure felt by employees can be alleviated, giving them time to focus on more valuable tasks and improving their overall security posture.

    In addition to these benefits, automation is vital for ensuring compliance with new and changing regulations. Whether by design or not, regulators are a catalyst for change in the industry. New regulations like the EU’s Digital Operational Resilience Act (DORA) are mandating the continuous monitoring of IT environments and security controls, which can only be achieved with automation. Embracing automated controls monitoring enables organizations to comply with and meet regulatory requirements, as well as adapt to evolving frameworks and guidance.

    Automation is also crucial in terms of board oversight of security risk – another necessity under new regulations. Across the U.S. and Europe, new legislation is escalating accountability for cybersecurity to the board level. As a result, the pressure felt by security teams will inevitably increase with the growing need to provide an accurate picture of their organization’s security posture with trusted metrics and measures, in a way board executives understand and can use to make informed decisions. Automation is a key piece to this puzzle and a necessity for building confidence and trust in this data while driving greater efficiency and making the best use of the tools and resources an organization has already invested in.

    Doing More With Less

    It’s true that a significant transformation is needed in cybersecurity to overcome the severe resource challenges enterprises are facing. Key trends like consolidation and automation are only going to become more important as the threat landscape evolves, and regulatory pressures increase.

    Change is difficult, but by starting the efficiency drive as soon as possible, organizations can strategically reduce the burden on existing cybersecurity professionals, while improving proactive security posture management and enabling compliance with new regulations.

    Marie Wilcox, Security Evangelist, Panaseer
    Marie Wilcox, Security Evangelist, Panaseer
    About the author: Marie Wilcox is aSecurity Evangelist and is the Director of Product Marketing at Panaseer. She is experienced in global proposition development with strong product marketing skills, including the development of a go-to-market strategy. She is Chair for the Southeast Region of the Chartered Institute of Marketing and a Board Director at the Chartered Institute of Information Security.

    Prior to Panaseer she held many senior leadership roles in both large corporates and small start-ups and has successfully delivered increased profile and revenue for organizations such as McLaren Applied, Digital Barriers, BAE Systems and Siemens.

    About the Author

    Marie Wilcox | Security Evangelist and is the Director of Product Marketing at Panaseer.

    Marie Wilcox is a Security Evangelist and is the Director of Product Marketing at Panaseer. She is experienced in global proposition development with strong product marketing skills, including the development of a go-to-market strategy. She is Chair for the Southeast Region of the Chartered Institute of Marketing and a Board Director at the Chartered Institute of Information Security.

    Prior to Panaseer she held many senior leadership roles in both large corporates and small start-ups and has successfully delivered increased profile and revenue for organizations such as McLaren Applied, Digital Barriers, BAE Systems and Siemens.

    Courtesy of Getty Images -- Credit: Vertigo3d
    Zero trust blocks cyber intrusion, requiring both authentication and authorization for every digital interaction.
    National Security Agency Executive Director Harry Coker Jr. speaking at the 2019 CAE Executive Leadership Forum in Pensacola, FL.
    (Photo courtesy bigstockphoto.com/soupstock)
    According to a recent report on the attitudes of boards of directors towards cybersecurity reports, more than half (59 percent) of board members surveyed said IT and security executives will lose their jobs for failing to report understandable and actionable information.