- Eight in 10 CISOs with small security teams say it takes more than four months to "get up to speed" with deployments and master security tools, according to a Cynet survey of 200 CISOs at companies with 500 to 10,000 employees. The survey focused on CISOs who work with five or fewer members on their security team.
- Compared to larger enterprises, 63% of respondents said they are at an increased risk due to personnel and budgetary constraints. More than half of CISOs (57%) said their protection abilities are "overtly lower" than they'd prefer.
- This year, 85% of CISOs expect their budgets to increase by at least 5%; fewer than one-quarter plan on a budget increase over 10%, according to the survey.
At smaller companies, the CISO role may look different from its enterprise counterpart.
In security teams with fewer than five people, 70% have a budget under $1 million. Because of the limitations of a small team and funds, at least 16% of respondents said their teams ignore alerts for automated mitigations and 14% only view "critical" alerts.
These CISOs are looking for automation to fill in the gaps; however, new cyber skills will always be required.
Cybersecurity "parallels the digital transformation scenario. New skills emerge out of these transformation events and we're starting to see that in security as well," said Toby Bussa, VP analyst at Gartner, while speaking at the Gartner IT Symposium/Xpo Americas in October.
To choose a new security solution, CISOs with small teams rely on an employee with existing experience with a technology, according to Cynet. CISOs also consider how solutions complement tools already in use.
The cybersecurity roles of tomorrow are expected to complement defense, risk management and the CIO's strategy. Depending on the company, the CIO/CISO reporting structure could unintentionally cause a conflict of interest while setting budgets with the board.
Security could become second to IT pushes, which forces security teams to stretch their technology without more personnel. As a result, CISOs of smaller companies have to consolidate security tools to fewer platforms.
The majority of CISOs (57%) prefer the public cloud for deploying security technologies in part due to its cost-effectiveness, according to the survey. Twenty-one percent of CISOs prefer on-premise solutions, followed by 13% who prefer a hybrid environment and 9% who use virtual private clouds.
"Cybersecurity should not be the insurance policy for an organization. It must move away from copying that cost center to a value generator," said Bussa.
Yet nearly half of CISOs say a lack of skills for protecting against cyberattacks is their main challenge. Forty-three percent said the threat landscape is outpacing the resources and skills they have available. And only 39% of CISOs said they have a dedicated team member for chasing all alerts.