As well as many of the CISOs surveyed fearing a decline in cyber security skills, 66% declared that recruitment of senior talent was a struggle.
This was found to be particularly challenging in Asia and the Pacific (APAC), where 91% cited issues with recruitment, compared to 61% in the UK and 54% in the US.
More specifically in regards to skills that are lacking, 34% said that technical knowledge wasn’t at a sufficient level, while 30% said a lack of experience was an issue, and 10% cited the lack of a cultural fit for the company.
Cyber security skills shortage driving outsourcing — NETSCOUT research
John-Claude Hesketh, global managing partner at Marlin Hawk, said: “As the need to protect customer data grows, business leaders have been attempting to work out how best to respond to this new reality, and, most importantly, whose responsibility it should be.
“The constant cyber threat has completely changed the way boards around the world
approach risk, and it’s an issue that every business leadership team has had to respond to.
“The challenge now is for board directors to work out how to value these senior cyber security professionals and integrate them into strategic business decisions, whilst navigating a dramatic global talent shortage.”
In addition, the study by Marlin Hawk found a concern regarding a lack of possible progression among CISOs, with 85% stating that they are actively looking for new roles or that they would consider taking one if approached.
The global average for the amount of time CISOs spend in a role is four years.
CISOs under pressure: a culture of communication is a necessity, not an optional extra
However, 73% of respondents said that they were under 45 years old, and 29% wanted to be at the forefront of the largest company areas of growth.
“Machine learning and automation are going to be really helpful to current and future CISOs,” he said. “Businesses are still going to need smart humans on security, but already the humans that are in our security operations centres are being overwhelmed with things they have to monitor, and you can’t simply keep putting in more people because there aren’t enough people already.”
500 cyber security executives from across the US, Europe and APAC were surveyed for Marlin Hawk’s study.