Cyber Execs' Competing Priorities Are Often at Odds With Each Other

Study identifies critical yet paradoxical security problems managers face.

Cybersecurity executives are faced with such a broad range of complex challenges that their priorities – from staffing to training to technology – are often at odds with each other, according to a new report.

A survey of more than 1,600 C-level executives from around the world by (ISC)2, Booz Allen Hamilton and Frost and Sullivan, found that top security executives are faced with a number of critical, yet often paradoxical, security challenges.

Among the top concerns were staffing and training issues, which C-level respondents often indicated are at odds with business conditions and funding priorities. For example, the majority of security executives (77 percent in government and 63 percent in private industry) believe their security shops are understaffed, yet 61 percent cited business conditions as an obstacle preventing them from hiring more personnel.

Respondents also cited concerns over a shortage of trained personnel, yet more security executives said they planned to increase spending on technology in the next year (39 percent) than on staffing (35 percent).

The study, which offers the C-level snapshot of the overall Global Information Security Workforce Study, also identified that security jobs are now beyond full employment, with more security professionals working today than ever before. Despite this, there are still not enough skilled professionals to keep pace with demand, nor are there many universities that offer a core curriculum on cybersecurity.

Meanwhile, 72 percent of C-level executives cited the threat of application vulnerabilities to the security of enterprise data as a top concern, yet many noted that the demands of their organizations make it difficult to develop and implement secure application development.

Mobile devices also were cited as a top concern among respondents (70 percent), yet many reported that they had not successfully implemented mobile security policies and programs.

W. Hord Tipton, executive director for (ISC)2, said Thursday that while the report often showed conflicting priorities, it still signals a positive step forward in that C-level executives have a much broader understanding of security needs than two years ago.

“Often times, it becomes paradoxical when you have a problem but you’re also in a regressed economy,” Tipton said. “The monies and the budgets particularly in government don’t always come in to fill the need you know you have but you can’t afford, so it looks like [executives] aren’t putting money where their mouth is.”

Still, Tipton pointed to some positives found in the study: 35 percent of C-level executives plan to invest in new technology in the coming year, while 31 percent plan to hire additional people. “Maybe that’s the 31 percent that get it,” he said. “What it tells me is we’re making progress and getting better education across the board, but it also tells me we have a long way to go.”  

Join us at Nextgov Prime Oct. 15-16 in Washington for indepth discussions about cloud computing, data security and much more. Registration is free for federal employees.