Alarm Bells Ringing: 47% of Leaders Say Cyber Investment Lags Behind Digital Growth

Amidst the dynamic currents of the swiftly advancing digital era, a disquieting 47% of security leaders worldwide voice apprehension about the apparent lag in cyber security investment relative to the rapid expansion of the digital landscape. This disconcerting revelation emerges from the meticulous analysis encapsulated in the 2023 Cyber Security in Focus Report, a profound undertaking by Stott and May.

Surveying the perspectives of 60 Chief Information Security Officers (CISOs) and security leaders spanning Europe, the Middle East, Africa (EMEA), and North America, the report unfurls a transformative panorama where the once peripheral issue of budget constraints has surged to the forefront, now standing as the primary impediment to the seamless execution of strategic roadmaps—a formidable challenge underscored by a notable 16% year-on-year escalation.

The report highlights a pivotal change in the challenges faced by security leaders. For the first time, budget constraints (51%) have eclipsed internal skills (34%) as the foremost barrier to strategy execution, underscoring the economic pressures forcing CISOs to achieve more with limited resources. Board-level buy-in (11%) and technology concerns (3%) also factor into the challenges faced by security leaders on a global scale.

The talent shortage remains a persistent pain point for 66% of respondents, with 69% of security vacancies left unfilled after eight weeks. Notably, 47% of CISOs observe a substantial increase in salary expectations, with 31% citing wage inflation between 6% and 10% year-on-year.

While strategic investment in security persists, experimentation is curtailed by budget constraints, as 44% of respondents anticipate stagnant or reduced budgets. Only 53% believe that security investment is keeping pace with the rapid evolution of digital business. Cloud security (25%), IAM (20%), and security and vulnerability management (18%) emerge as the top three priority investment areas for CISOs in 2023.

The report also emphasises a growing focus on aligning security risk with business strategy, with 55% of security leaders affirming that their company views cyber security as a strategic priority. Furthermore, 60% believe that the security function enhances the overall value proposition to customers.

Haris Pylarinos, Founder & CEO of Hack The Box, discussed the top obstacles CISOs face when establishing a high-performing security unit. “It’s the ability to stay outward looking and ensure that internal skills stay up to date. You can hire the best security professionals out there with field experience, but the problem is that this knowledge can degrade over time because cyber security is evolving at such a rapid pace.”

In addition, Chris Castaldo, CISO at Crossbeam, detailed his opinions on the primary challenges that CISOs encounter while implementing their digital safety roadmaps for development. “Not understanding the business. That’s the main barrier. Everyone that I talk to that’s trying to implement some new tool or a new process or policy and meets resistance typically hasn’t spent enough time trying to understand what those stakeholders really care about and tailoring that message to them.”

As the digital landscape continues to evolve, the 2023 Cyber Security in Focus Report serves as a comprehensive resource for understanding the dynamic challenges faced by CISOs and security leaders in navigating the intersection of budget constraints, talent shortages, and evolving technology landscapes.

As companies witness the ongoing evolution of the digital landscape, the 2023 Cyber Security in Focus Report stands as a comprehensive resource. It provides an in-depth understanding of the dynamic challenges faced by CISOs and security leaders as they navigate the intricate intersection of budget constraints, talent shortages, and the continually evolving technological landscape.

This report not only sheds light on the current state of cyber security but also serves as a roadmap for organisations looking to fortify their security posture in an ever-changing digital environment.