In its 2022 cybersecurity benchmarking study, leadership insight firm ThoughtLab reports that material cyber breaches in 1200 surveyed organizations rose 24.5% last year, and that resultant security spending as a percentage of revenue grew at a 51% clip over previous annual budgets.
Reflective of this uptick, up to 40% of executives shared that their organizations are currently unprepared for the rapidly changing threat landscape. Coupled with an expectation that attacks will continue to increase as nation-states and cybercriminals become more prolific in the coming years, the continued evolution of the CEO/CIO partnership on cyber threats is critical in organizations of all shapes and sizes.
In fact, according to research firm Gartner, executives outside of the IT enterprise are finally beginning to realize that securing the enterprise is a shared responsibility, but challenges remain.
Company boards of directors are professing alignment: the Gartner survey reports that 88% view cybersecurity as a business risk, as opposed to an IT risk, yet in practice only 12% of company boards have a dedicated cybersecurity committee. Further research by Gartner suggests, however, that by 2026, 50% of C-level executives will have performance requirements related to cyber risks built into their employment contracts.
Perhaps this continued alignment of a common executive front toward cybersecurity threats will be welcome news to CIOs; however, as important as budgets and accountability are, the talent required to execute on strategies is another story.
In a global study of cybersecurity professionals, security firm Trellix reports that 85% of surveyed companies shared that the security workforce shortage is impacting their organizations’ ability to secure the enterprise.
Considering the grim statistic that almost 1 in 3 cybersecurity professionals plan to change professions in the future, the current talent shortage may only get worse. Perhaps, though, a suggested resolution comes directly from practitioners with cybersecurity backgrounds: 94% of those surveyed believe their employers could be doing more to consider employees from non-traditional cybersecurity backgrounds, and 45% report having previously worked in other careers.