Why the cyber skills crisis is an opportunity to transform your cybersecurity
Cybersecurity is experiencing a prolonged crisis in supply and demand for skills. The current ratio in the U.S. is at 69%, meaning fewer than 7 in 10 cybersecurity jobs can be filled by the available workforce.
It's a situation that’s causing significant concern for industry leaders. Our research found that nearlyStreamlining With Consolidation
A strategic approach is needed for security leaders and their teams to address the resource crisis. A key response emerging in the market is security vendor consolidation. According to Gartner, 75% of organizations were pursuing consolidation in 2022, almost tripling since 2020. Considering that an alarming 35% of cyber budgets are being spent on tools that don’t give a measurable improvement in cybersecurity posture, it’s evident why businesses are seeking to consolidate and do more with less.
However, there is a degree of caution around consolidating vendors and tools. Nearly four in five security leaders and decision-makers admitted to being concerned that consolidation will reduce their ability to mitigate cyber risk. But we found this skepticism to be unfounded. In reality, half of those who have begun consolidating have seen an improvement in security posture as a result.
This is because, when approached strategically, consolidation streamlines security operations. Without a policy of consolidation, security professionals are burdened with conflicting data from disparate tools, constraining their ability to respond to threats effectively and manage their organization’s security posture. Implementing more tools doesn't equate to better security, instead increasing complexity and draining already stretched budgets on solutions that aren’t necessary.
Organizations already have all the tools they need to prevent the majority of breaches. By consolidating vendors and tools, businesses not only optimize their cyber spending but security leaders and teams benefit from a unified security ecosystem that makes security posture management more effective and efficient.
Automation for Efficiency
While some are beginning their consolidation journey, more organizations are already implementing automation to drive efficiency, improve security posture and ensure compliance. The benefits of automation are multifold. Security leaders and decision makers who have embarked on security automation cite more efficient use of resources as the principal benefit (57%), in addition to improved decision-making (46%), more accurate prioritization, and freeing up security teams to focus on different tasks (both 43%). As a result, much of the pressure felt by employees can be alleviated, giving them time to focus on more valuable tasks and improving their overall security posture.
In addition to these benefits, automation is vital for ensuring compliance with new and changing regulations. Whether by design or not, regulators are a catalyst for change in the industry. New regulations like the EU’s Digital Operational Resilience Act (DORA) are mandating the continuous monitoring of IT environments and security controls, which can only be achieved with automation. Embracing automated controls monitoring enables organizations to comply with and meet regulatory requirements, as well as adapt to evolving frameworks and guidance.
Automation is also crucial in terms of board oversight of security risk – another necessity under new regulations. Across the U.S. and Europe, new legislation is escalating accountability for cybersecurity to the board level. As a result, the pressure felt by security teams will inevitably increase with the growing need to provide an accurate picture of their organization’s security posture with trusted metrics and measures, in a way board executives understand and can use to make informed decisions. Automation is a key piece to this puzzle and a necessity for building confidence and trust in this data while driving greater efficiency and making the best use of the tools and resources an organization has already invested in.
Doing More With Less
It’s true that a significant transformation is needed in cybersecurity to overcome the severe resource challenges enterprises are facing. Key trends like consolidation and automation are only going to become more important as the threat landscape evolves, and regulatory pressures increase.
Change is difficult, but by starting the efficiency drive as soon as possible, organizations can strategically reduce the burden on existing cybersecurity professionals, while improving proactive security posture management and enabling compliance with new regulations.
About the author: Marie Wilcox is aSecurity Evangelist and is the Director of Product Marketing at Panaseer. She is experienced in global proposition development with strong product marketing skills, including the development of a go-to-market strategy. She is Chair for the Southeast Region of the Chartered Institute of Marketing and a Board Director at the Chartered Institute of Information Security.
Prior to Panaseer she held many senior leadership roles in both large corporates and small start-ups and has successfully delivered increased profile and revenue for organizations such as McLaren Applied, Digital Barriers, BAE Systems and Siemens.