The dearth of skilled security professionals available for work has created an active recruitment market, and 85% of senior security professionals are either actively looking to move jobs, or would consider jumping ship to take on a new role if approached, according to a study conducted by Vanson Bourne on behalf of Marlin Hawk, a leadership advisory and executive recruitment consultancy.
The research analysed responses from 500 senior security practitioners and CISOs working at businesses with more than 500 employees around the world and found that only 7% of US CISOs were not actively looking or willing to consider a change of employment, compared to 11% in APAC and 16% in the UK and Ireland.
“As the need to protect customer data grows, business leaders have been attempting to work out how best to respond to this new reality, and, most importantly, whose responsibility it should be,” says John-Claude Hesketh, global managing partner at Marlin Hawk. “The constant cyber threat has completely changed the way boards around the world approach risk, and it’s an issue that every business leadership team has had to respond to.
“The challenge now is for board directors to work out how to value these senior cyber security professionals and integrate them into strategic business decisions, whilst navigating a dramatic global talent shortage.”
The report revealed that the role of CISO is increasingly dynamic and in a state of evolution, with CISO demographics reflecting this – CISOs tend to skew younger (73% are under 45 and 42% of female CISOs are under 35) and more diverse, although the field is still mostly made up of men.
Encouragingly, Marlin Hawk found that female CISOs earned slightly more than their male counterparts – £55,000 compared with £53,000 – perhaps reflecting the wider industry drive for diversity. Blue chip firms are likely to pay CISOs more, and for a small, elite group of practitioners, remuneration can top seven figures.
A diverse, young and dynamic talent pool may in part explain the willingness to consider a change of scenery, but this is also causing problems when it comes to CISOs’ ability to recruit, with 66% complaining they struggled to find security talent.
The main reasons given for this were that candidates do not have the right level of technical knowledge (34%), don’t have the right experience (34%) or are not a good cultural fit for the organisation (10%).
Over 60% of CISOs said this situation was going to get worse, and the problem was particularly prevalent in APAC, where 91% said they found it hard to find the right talent, as David Gracey, CISO of Hong Kong-based utility CLP Power, who was interviewed for the study, pointed out.
“The maturity of cyber security and how it is viewed by businesses in Asia is probably not at the same level as in Europe or North America,” said Gracey. “For many years, there has been no cultural obsession with cyber security, meaning that the teams historically have not been well-resourced.
“I don’t think cyber security has really been given the prominence it deserves in Asian companies. And that, fundamentally, is the reason there is a limited talent pool of qualified people.”
The report’s authors said that given the number of security pros ready to move, it might seem strange that businesses struggle to recruit, but suggested it may be that experienced security practitioners are viewed as either too technical or too strategic, and not a strong enough blend of the two. This may lead organisations to look for younger talent that they can develop.
Part of the problem may be that, unlike other C-suite roles, the progression path for CISOs can sometimes be unclear. Fewer than half of respondents aspire to rise to the post of CEO – unsurprising given the CISO role is highly specialised and it would not necessarily make sense to put one’s technical expertise aside in order to run a business.
However, argued the researchers, given the continued growth of cyber threats, it may be that CEOs begin to take on some level of responsibility for security in their organisations, or bring CISOs closer to the top.