Security Budgets Lag Behind Rising Threats, Experts Warn
▼ Summary
– UK cybersecurity budgets are stagnating despite improving job prospects and industry growth, with only 5% of professionals agreeing budgets match threats.
– Over three-quarters (78%) of professionals report good or excellent job prospects, and 73% expect the security market to grow over the next three years.
– People are cited as the biggest challenge facing the industry (75%), outweighing processes (15%) and technology (10%) as primary concerns.
– Communication skills (27%) are the second most valued skill after analytical/problem-solving (48%), emphasizing the need for professionals to act as business partners.
– Addressing the people problem is prioritized for impact, as developing skills costs less than new technology and improves communication with board members on risks.
A concerning gap is emerging between the financial resources allocated to cybersecurity and the escalating threats organizations face, according to a new industry survey. While job prospects and market growth appear strong, security budgets are largely failing to keep pace with the rising danger, creating a precarious situation for businesses. The latest findings from the Chartered Institute of Information Security’s upcoming report reveal a stark disconnect, with a mere 5% of professionals believing budgets are adequate or ahead of threats, while a overwhelming 84% hold the opposite view.
Despite this financial constraint, optimism persists within the profession. Over three-quarters of those surveyed (78%) describe their personal job prospects as good or excellent, and a similar majority (73%) anticipate overall market growth in the next three years. There is also a sense of improvement in certain areas; more than half (57%) agree the profession is getting better at responding to incidents. However, this positive outlook is tempered by the fact that only 49% see similar progress in preventative measures, highlighting a reactive rather than proactive stance.
The survey identifies the human element as the single greatest challenge. People are cited by 75% of respondents as the primary obstacle, far outweighing concerns about processes (15%) and technology (10%). This points to a critical skills gap and a need for better talent management. With professionals expected to achieve more with limited resources, the institute advises a primary focus on solving this “people problem.” The argument is that developing or attracting skilled personnel is often more cost-effective than investing in new technology and is easier to justify to board members who are increasingly aware of cyber risks.
A key part of the solution involves a shift in mindset. Cybersecurity experts are encouraged to see themselves as business partners and advisers rather than unapproachable technical specialists. This is reflected in the skills most valued by the industry; after analytical and problem-solving abilities (48%), communication skills are the second most prized attribute at 27%. Becoming an effective communicator who can clearly articulate risks to non-technical decision-makers is now seen as essential.
The institute concludes that while people, processes, and technology are all vital components of an effective security posture, addressing the people issue will yield the greatest immediate impact, especially when budget constraints limit technological investment. This budgetary pressure is further confirmed by separate research from IANS and Artico, which shows a significant drop in the number of CISOs receiving budget increases, falling from 62% to just 47% this year. The proportion working with stagnant budgets has also risen, from 26% to 39%, underscoring the financial challenges facing security leaders.
(Source: Info Security)
