Most enterprise CISOs can’t remember a time when there wasn’ta cybersecurity talent shortage, but a new report from Accenture underscores the extent staff shortages are impacting enterprise cyber defenses in the AI era.
“Only 34% of organizations have a mature cyber strategy. Fewer still — just 13% — possess the advanced cyber capabilities needed to defend against modern, AI-driven threats,” the report said. “The vast majority remain exposed, underprepared and at risk of falling behind as AI-powered threats accelerate.”
Central to this issue, Accenture found, are workforce limitations experienced by the vast majority of organizations, as 83% of IT executives identified their cyber talent shortage “as a major obstacle to achieving a strong security posture.”
Industry analysts and cybersecurity practitioners agreed that a talent shortage seen across the industry is having an impact. But they also see ways CISOs can mitigate how persistent workforce deficiencies affect enterprise defense.
“There is a real and persistent cybersecurity talent shortage, and it extends far beyond compensation dynamics. This is a systemic problem that has been building for years,” says Kanwar Preet Singh Sandhu, global head of strategic initiatives for AI security at Tata Consultancy.
“In the US alone, recent workforce data suggests there are only enough professionals to fill 83% of open cybersecurity roles, despite nearly 40% of employers indicating a willingness to increase compensation for high-demand skills like cloud security and threat detection,” Sandhu says. “While a competitive salary is non-negotiable to attract top talent, the core issue remains the lack of specialized skills to defend against today’s sophisticated threats.”
Some enterprise talent challenges, however, are self-inflicted, Sandhu adds, with companies doing little to address the burnout that is driving many of their cybersecurity pros to look elsewhere. A recent survey from IANS found that 53% of cyber functional leaders are eyeing the exit.
“The pressure and high-stress environment of cybersecurity are leading to significant burnout, making even competitive offers less attractive,” Sandhu says. “Organizations must address both the skills gap and the unsustainable culture that is driving their most valuable assets away.”
To help with the former, Sandhu suggests CISOs rethink their source pools for cybersecurity roles.
“Individuals with capabilities in analytics, systems thinking, or behavioral analysis can be rapidly upskilled for cyber roles,” he says.
Michelle Abraham, a senior research director at IDC, believes AI will help sharply reduce burnout in security operations over the next couple of years, potentially helping shore up CISOs’ staffing concerns.
“There certainly are a lot of reports of burnout, a lot of churn, and there’s been a lot of moves in the last few years to come out with more training programs,” Abraham points out. “Burnout partly comes from [having to do] very repetitive things over and over again. Having AI able to triage that will help.”
Gary Longsine, CEO at IllumineX, believes that, while there is a talent shortage, its practical ramifications are often magnified by invested parties. “The talent shortage is dramatically overstated from organizations like Accenture, mostly to try and sell fear to CIOs,” he says.
No Responses