State of the CSO in 2013 shows an improved outlook
Our exclusive research into the current condition of the CSO role reveals big progress is being made, but the outlook is far from rosy
December 16, 2013 — CSO — On paper, in many ways, the state of the CSO appears to be improving. Budgets in many enterprises appear to be headed in the right direction: up. So is staffing. CSOs are also getting to do what they've wanted to do for a decade and are spending more time with the top executives in their organizations.
Yet the question remains, are enterprises getting the results they need? That's tough to say. Attacks are becoming more sophisticated, which in turn requires more complex strategies for securing data. For instance, the most recent Verizon Data Breach Investigations Report found that financially motivated cybercrime and state-affiliated espionage campaigns comprise 95 percent of all attacks. And breaches remain undetected for weeks, months and even years.
Perhaps results like that are why 45 percent of security decision-makers questioned in CSO magazine's annual State of the CSO survey reported that their security budgets will rise this year as compared to last year. That's sharply higher than the 38 percent who reported their budgets would increase in 2012. When evaluated by enterprise size, the survey found organizations with $1 billion or more in annual revenue are the most likely to be planning spending increases—54 percent of them expect budget hikes. The likelihood of spending increases dips to 46 percent for small companies and 35 percent for midsize organizations.
The survey, conducted among 280 respondents involved in security purchasing decisions for their companies, also found that just 7 percent expect budget cuts. That's down significantly from 11 percent in 2011.
Not surprisingly, considering the number of enterprises with budgets on the rise, staffing levels are also expected to grow. Fully 34 percent of respondents expect their organizations' full-time security headcount to increase. Also, fewer expect to cut full-time security staff this year—only 8 percent compared to 14 percent last year.
Once again, it is the larger companies that are most likely to be increasing their security resources, with 42 percent planning staffing increases, compared to 37 percent of midsize and 26 percent of small organizations.
Demand for talent still outstrips supply
This demand for skilled IT security professionals continues to strain organizations' ability to attract security talent. In fact, finding and retaining skilled IT security workers was identified as among the greatest challenges for 31 percent of large companies.
Kim Jones, senior vice president and CSO of Vantiv, likens the information security personnel challenges to some of the challenges the intelligence community faced a decade ago: too much reliance on technology and signal intelligence and not enough on human intelligence and analysis. "Unfortunately, we're not getting enough people with the skills we need," Jones says.