Executives know that in an evolving cybersecurity landscape, underpinned by current, heightened economic uncertainties, identifying, understanding and mitigating cyber, data and technology risks is a crucial aspect of organisational success. The increasing supply, effectiveness and utilisation of emerging technology solutions will only continue to significantly intensify the need to identify, understand and mitigate these risks.
Yet, the pool of available professionals in the cyber security space has been identified as significantly lacking, and the pipeline of rising talent is woefully dry. Year on year, more organisations lack the right number of people with the right skills to meet their cyber-resilience objectives.
In the survey conducted for the 2024 WEF Global Cybersecurity Outlook report, 45% of leaders said that operational disruption is their greatest concern with regard to suffering a cyber incident. According to the report, this further holds true when cyber and business leaders are grouped: 50% and 40% respectively said that operational disruption is their greatest concern.
Identification is one thing, however; the ability to address the associated risks is another. Referring to the same survey, when asked whether their organisation has the skills it needs to accomplish its cyber objectives, 20% said that they do not (with this figure increasing year on year).
This shortage is not related solely to having the resources to perform specific tasks; the WEF further identifies that a lack of critical technical and soft skills is quickly becoming the largest barrier preventing an organisation from achieving its strategic cyber-resilience objectives. This year, 36% of respondents said that skills gaps are the main challenge to achieving their cyber-resilience goals. Some 78% of respondents reported that their organisations do not have the in-house skills to fully achieve their cybersecurity objectives.
Looming cyber inequity amid a rapidly evolving tech landscape emphasises the need for organisations to look beyond finding the right internal “fit” and expand beyond an approach of seeking only internal employees/resources.
Sophisticated technical security controls and relevant risk management procedures, underpinned by a holistic, tailored and evolving cyber security strategy, are essential methods to reduce the likelihood of a catastrophic cyber event impacting any organisation - but looking to implement this only by way of internal resources has the potential to be limiting. Independent and impartial advisors, embedded within an organisation, can provide holistic, resilience-focused strategy in a manner that ensures an organisation does not fall into a technical focus and/or a defensive-only focus.
With the fundamentals of cyber and technology risk now truly understood, 2024 presents an opportunity to build on these basics and for organisations to take the next step and implement a truly business-enabling cyber security strategy.