Clearwater, FL, September 20, 2018
70% of companies with adequately-staffed cybersecurity departments train and promote from within, and place a priority on hiring professionals with cybersecurity certifications when recruiting externally
(ISC)² – the world’s largest nonprofit association of certified cybersecurity professionals – today announced the findings of its Building a Resilient Cybersecurity Culture study, in which it found that a strong security-focused culture and adherence to best practices help companies attract and retain cybersecurity talent. (ISC)² commissioned the study to better understand how successful organizations are overcoming the shortage of skilled cybersecurity talent in a demand-heavy, competitive recruitment environment.
“The growing cybersecurity workforce gap has received a lot of media attention. What we haven’t heard as much about is how some companies are actually succeeding in building their security teams even in the face of this competition for talent. Our empirical analysis shows the demonstrable effect cybersecurity leaders can achieve by fostering a strong cybersecurity culture,” said (ISC)² Director of Cybersecurity Advocacy for North America John McCumber. “The human factors of information security are most effectively accessed, developed, and employed by organizations with this critical professional leadership. This new report provides a window into how this gap can be leveraged by individuals and organizations alike to dramatically improve the protection and management of critical information assets.”
The data is based on a survey of 250 U.S. cybersecurity professionals with oversight of hiring and managing security departments, who say their organization does an adequate job of ensuring it has enough cybersecurity expertise on staff. Key insights from the study include:
97% of respondents indicated that their entire executive management team understands the importance of strong security practices and reinforces those messages with staff
When asked which tactics were used to successfully build a strong cyber team, 70% said they hire certified security professionals, 70% train and promote from within, and 52% attribute their success to drafting clear job descriptions
86% said their company employs a CISO
Of these, 57% of the CISOs report directly to either the CEO or the board of directors, indicating the level of importance associated with the position
58% of these companies cited having a strong risk management policy as the #1 reason they are confident their capabilities are adequate to protect their enterprise
About half (51%) of these companies say they employ at least two dedicated cybersecurity staff, which they believe is critical to cybersecurity readiness
79% of companies said their cybersecurity staff’s average tenure is at least three years
50% have been able to hire talent from the government sector
67% said salary was the biggest draw, while 60% cited the opportunity to work with a strong leadership team, and 59% believe the opportunity to work for a mission-based organization helps win over recruits from the public sector
For more insights, the full study can be downloaded at www.isc2.org/research.
Findings are based on a blind survey of 250 cybersecurity professionals within the United States conducted by Market Cube, LLC, on behalf of (ISC)² in August 2018.