Will People Start Taking Cybersecurity Seriously In 2018?
I spend a lot of my time helping larger companies refactor themselves to meet the challenges of the 21st century. In the early 2000s it was the web, in the late 2000s it was cloud and consumerization, which led quickly on to Big Data. These topics dominated many conversations I’ve had in boardrooms, C-suites and more than a few dinners. In all of those cases, the executives sitting across from me, to a person, were struggling to map something technical, something complicated to their existing worldview. Some succeeded, more than a few failed, and as we see today, the business landscape looks radically different.
Today, those conversations have pivoted towards cybersecurity, but in this case, there’s a much bigger issue staring these executives in the face — finding the people to do the work. Currently, the unemployed cybersecurity workforce sits at 0% and estimates put the number of unfilled rolls in excess of 3 million (registration required) by 2021, up from 2 million next year.
A recent survey of chief information officers (CIOs) showed some disturbing results. Only 10% of CIOs reported cybersecurity as a top business priority, less than 35% felt that their business viewed it as a “cost of doing business” and only 37% of CIOs considered it a core capability of success. Conversely, it is a constant board of directors level conversation, with current models (registration required) showing the average cost of a breach to be over $3.5 million, tracking upward significantly to $40 million if 1 million customer records are compromised.
In a market expected to approach $1 trillion over the next five years, it is amazing to me that we have yet to build a pipeline for identifying potential staff, training, hiring and growing in roles toward the chief security officer role.
Frankly, I am amazed that some of these following questions are still being asked: