How important has cybersecurity skills become in an enterprise’s defence against the growing cyberattacks they face? Is cybersecurity often seen as just an ‘IT issue’ with little specialist skills or training within a business? And how are businesses approaching the security skills gap they face?
Paul Caron, Head of Cyber Security, S-RM’s, Americas.
Paul is S-RM’s Head of Cyber Security, Americas. Paul has over 20 years of experience spanning both the private and government sectors in roles across leadership, military intelligence and counterterrorism, and cyber security leadership & engagement delivery. Before joining S-RM, he was a global consulting firm’s Managing Director of Incident Response. In this role, he used his experience to help clients who were experiencing complex ransomware attacks.
In their report Cyber Security Insights, S-RM revealed a drop in concern around the cyber security threats posed by hybrid working. However, a significant proportion (35%) of IT leaders say they are concerned about employee cyber skills gaps.
The report, which draws on data from 600 C-suite and IT budget holders from organisations with revenue over USD $500m, found that 37% of organisations reported concerns around hybrid working – a drop from 46% in 2021. This may be partly due to growing awareness of cyber security threats among employees. When asked about the biggest cyber security challenges their organisation faced, just 31% of respondents ‘perceived lack of importance from employees in 2022’. While there is still a way to go, this figure is down from 36% in 2021.
Despite growing awareness among employees, the cyber skills gap still remains an area of vulnerability. Over a third of senior IT leaders and C-suite holders in 2022 (35%) highlighted a lack of cyber skills and expertise as a key challenge facing their business regarding cyber security defence and incident management – a figure that rose to 42% within the financial services industry. These statistics support the ongoing industry discussion about the difficulties of attracting and retaining the best talent.
The report also illustrated that businesses with more mature cyber security policies prioritise different challenges than less experienced companies. Businesses where senior leaders viewed the company’s cyber security as ‘very mature’ were more likely to consider compliance and unsophisticated or outdated cyber security tools as their key challenges (37% and 33%).
Further detail on the full report can be accessed on the S-RM website.