In the rapidly evolving threat landscape, cybersecurity professionals are the frontline defence against cyber-attacks and play a crucial role in ensuring business continuity. However, there is a growing concern that cybersecurity professionals are losing their relevance, causing high turnover rates despite their valuable contribution to an organisation’s success, says Darrin Reynolds, CISO at the cyber firm Edgio.

According to a recent survey, half of cybersecurity leaders state that they will change jobs by 2025, with a quarter switching to different roles entirely. This is a concerning trend, particularly given the current shortage of 3.4 million people in the industry. However, it is not a skills gap issue, but rather a relevance gap that can be bridged by bringing cybersecurity to the forefront of an organisation’s decision-making process.

Forefront of decision-making

To achieve this, CISOs need to combat misunderstandings in senior leadership and shift the company’s view of security from a problem to be fixed to an ongoing process integrated with current technology practices. Cybersecurity must take its rightful place at the boardroom table, where CISOs can communicate their value effectively to leaders and receive the recognition they deserve.

Learning a new language

Once cybersecurity professionals find themselves on the board, they need to learn a new language to speak to it, translating technical information into digestible updates that showcase their achievements and paint a clearer picture of what could happen if cybersecurity measures are not proactively integrated. The board is accustomed to dealing with numbers, metrics, and tangible outcomes, so security experts need to look at how to fix things in a cost-effective way and explain them clearly.

Importance of cybersecurity

With limited understanding from employees and the board, companies can easily be left vulnerable to attack. Cyberattacks are increasing exponentially every year, with one DDoS attack occurring every three seconds, according to NETSCOUT. For most organisations, it’s not if a cyberattack is going to occur, but when. IBM’s annual Data Breach Report revealed that the average data breach cost in 2022 was USD 4.35 million—an all-time high. Gartner has estimated the cost of downtime from DDoS attacks to be $300,000 per hour.

Viewing cyber holistically

Cybersecurity needs to be viewed holistically, as an ongoing process rather than a problem to be solved. The board needs to understand that security is important as part of a continuing chain that runs from data protection to enriching a corporation. Security leads to privacy, and once those two are checked, data monetisation can be explored, giving the board the opportunity to gain the tangible outcomes they desire.

New legal requirements

In addition, new requirements proposed by the US Securities and Exchange Commission (SEC) could make it mandatory for some organisations to put cybersecurity protections in place that are deemed fit for the digital age. As organisations become increasingly reliant on security experts to ensure business continuity and fulfil new legal requirements, cybersecurity will soon find its place on the board.

Wrapping up

As the importance of cybersecurity continues to grow, it’s crucial that we bridge the relevance gap and promote the role of cybersecurity professionals. The security industry cannot afford to continue losing talent to other jobs and sectors. By bringing cybersecurity to the forefront of an organisation’s decision-making process, we can ensure that our organisations remain protected and prepared for whatever challenges the future may bring.