The tenth annual Information Security Maturity Report, published by ClubCISO in collaboration with Telstra Purple, finds that CISOs are continuing to hire despite widescale economic uncertainty and are increasingly looking to diverse pools of talent to make up an urgent shortfall of talent on the global stage.
Informed by a survey of security leaders across public and private sector organisations around the world, the report emphasises how navigating the talent shortage is at the top of the agenda for security leaders.
Insufficient staff numbers posed one of the greatest challenges for industry leaders in achieving their objectives. In stark contrast to other functions in the IT sector, more than half (52%) of CISOs said that they expect to expand their team this year and only 5% anticipated downsizing. The next biggest concern for respondents was the culture of the organisation (31%), highlighting that people/cultural challenges are still considered more impactful on the ability to deliver against objectives than macro challenges such as budgets (29%), the supply chain (25%), and the economic downturn (22%).
In growing their teams, security leaders also recognised optimal ways in which to do so, with the majority placing emphasis on diverse recruitment and ensuring equal access to opportunities. Asked about the value of diversity, most CISOs (78%) said they believed that it is beneficial to bring different perspectives into the business, while improving culture (54%) and fostering greater innovation (48%) were the next most common reasons.
With social engineering still the leading cause of material breaches over the last year (accounting for 38% of reported material breaches, and higher than any other attack vector), CISOs agree that recruiting diverse teams with a range of perspectives and experience could significantly help.
ClubCISO Advisory Board Member, Kevin Fielder, commented, “In security teams, it’s encouraging to see diversity being viewed as an opportunity, and something that needs to be pursued actively to meet the challenges we face going forward. The report highlighted real ingenuity from CISOs who are now looking at diversity from a range of vectors including cultural, racial, educational and professionally diverse backgrounds.”
While the vast majority (84%) of respondents feel confident or very confident that their organisation has a strategy in place to offer equality of opportunities for candidates, there is a wider spread of opinions on how best to actually recruit these diverse teams. CISOs are hiring most from culturally/racially diverse backgrounds (60%), but the next highest-scoring strategy was recruiting from educationally diverse backgrounds (48%). Recruiting candidates from professionally diverse backgrounds was almost as common (47%), but focusing on gender diversity is rarer, with only 36% giving it specific focus.
Rob Robinson, Head of Telstra Purple EMEA, sponsors of the ClubCISO community, said, “Over the past ten years, the ClubCISO report has been a vital barometer for the security industry and the CISOs navigating it. While security maturity continues to evolve and material breaches are down, the industry now faces a talent crossroads with personnel concerns outweighing purely financial constraints. CISOs are recognising the intrinsic value of diverse talent and taking a leadership role in recruiting from non-traditional areas.”